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The  Good  The  Bad 


82%  of  you  employ 
aCSO,  CISOorCPO 

93%  have 
deployed  firewalls 

72%  encrypt  data 


69%  do  not  keep 
an  accurate  inventory 
of  user  data 

33%  of  all  enterprises 
are  NOT  in  compliance 
with  Sarbox,  HIPAA 
or  state  privacy  laws 


The  Ugly 

40%  of  you  don’t 
know  how  many 
security  incidents 
you’ve  experienced 

45%  don’t  know 
what  type  of  attacks 
have  occurred 


Exclusive  Research 
Begins  on  Page  50 
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BUSINESS  TECHNOLOGY  LEADERSHIP 


FROM  THE  EDITOR 


Be  Here  Now 

This  simple  dictum  has  power  beyond  the  obvious 

On  a  recent  trip  to  the  West  Coast,  I  visited 
with  PG&E  CIO  Patricia  Lawicki  at  her  company’s 
headquarters  in  San  Francisco.  PG&E  emerged  from 
bankruptcy  protection  a  few  years  ago  with  an  almost 
completely  new  executive  team  and  a  major  transfor¬ 
mation  effort  ahead  of  it.  The  new  CEO,  Peter  Darbee, 
began  the  turnaround  with  a  culture  change.  Accord¬ 
ing  to  Lawicki,  company  directors  and  their  direct 
reports  went  through  weeks  of  facilitated  sessions  to 
both  define  a  set  of  values  everyone  would  live  by  as 
well  as  to  map  out  how  those  values  would  be  demonstrated  in  the  daily  life  of  the 
company.  The  values  include  acting  with  integrity,  communicating  openly  and  honestly, 
respecting  each  other,  meeting  customer  and  shareholder  needs,  and  being  accountable. 
The  values  are  supported  by  a  set  of  dictums  and  concepts  to  help  bring  them  to  life. 

One  that  I  found  personally  relevant  is  “Be  here  now.”  Borrowed  from  the  title  of  a 
1971  book  on  spirituality  by  Ram  Dass  (or  an  album  by  the  rock  band  Oasis,  depending 
on  your  orientation),  the  idea  is  that  whatever  you  are  currently  spending  your  time 
on  should  be  important  enough  to  give  it  your  full  attention.  No  beneath-the-table 
BlackBerry  fiddling  in  meetings;  no  IM  while  on  the  phone,  no  thinking  about  a  work 
problem  when  your  kid  is  telling  you  about  her  day.  As  an  incorrigible  multitasker,  this 
was  a  powerful  message  for  me. 

PG&E  reinforces  these  ideas  with  wallet  cards  and  posters  in  the  halls.  At  every  staff 
meeting,  one  of  Lawicki’s  direct  reports  explains  how  he  or  she  has  embodied  one  of 
the  concepts  in  the  past  month.  “I’ve  been  through  these  exercises  before,  where  you 
spend  a  few  weeks  coming  up  with  your  vision  and  values  statement,  then  it  goes  in  a 
drawer,”  Lawicki  said.  “We  didn’t  want  that  to  happen.” 

Attendees  at  August’s  CIO  100  Symposium  were  treated  to  a  variation  on  this  theme 
by  Dewitt  Jones,  the  renowned  National  Geographic  photographer.  He  urged  the  audi¬ 
ence  to  “see  the  extraordinary  in  the  ordinary”  and  to  ask,  “What  will  I  be  given  today, 
and  will  I  be  open  enough  to  receive  it?” 

For  me,  these  simple  ideas  are  a  means  to  demonstrate  greater  respect  for  the  peo¬ 
ple  around  me  and  achieve  a  greater  sense  of  personal  fulfillment.  I  suspect  they  will 
enhance  my  effectiveness  as  well.  Not  bad  for  three  small  words. 


Abbie  Lundberg,  Editor  in  Chief 
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president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 

EDITORIAL 

EDITOR  IN  CHIEF 

Abbie  Lundberg 

EDITOR 

David  Rosenbaum 

EXECUTIVE  EDITOR 

Elana  Varon 

ASSISTANT  MANAGING  EDITOR 

Emily  Henderson 

TECHNOLOGY  EDITOR 

Laurianne  McLaughlin 

SENIOR  EDITORS 

Stephanie  Gelston,  Kim  Nash. 
Stephanie  Overby 

SENIOR  WRITER 

Thomas  Wailgum 

ASSOCIATE  STAFF  WRITERS 

Christopher  Lynch,  Katherine  Walsh 

COPY  EDITOR 

Susan  Bryant-Still 

EDITORIAL  ASSISTANT 

Kristin  Burnham 

EDITORIAL  ADMINISTRATOR 

Jill  Paquette 

CONTRIBUTORS 

Bernard  Golden,  Martha  Heller,  Christopher  Koch. 
China  Martens.  Gerry  McCartney. 

Matt  Villano.  Bob  Violino 

DESIGN 

EXECUTIVE  DIRECTOR.  ART  AND  DESIGN 

Mary  Lester 

ART  DIRECTORS 

Terri  Haas,  Steve  Traynor 

ONLINE  EDITORIAL 

ONLINE  EDITORIAL  DIRECTOR 

Christopher  Lindquist 

ONLINE  MANAGING  EDITOR 

Michael  Goldberg 

SENIOR  ONLINE  EDITORS 

Meridith  Levinson.  Shawna  McAlearney, 
Esther  Schindler 

ASSOCIATE  ONLINE  EDITOR 

Diann  Daniel 

ONLINE  WRITER  Al  SaCCO 
ONLINE  COPY  EDITOR 

David  Gradi|an 

RESEARCH 

RESEARCH  MANAGER 

Carolyn  Johnson 

SENIOR  RESEARCH  ANALYST 

Seanna  Maguire 


MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

iPBPA 

wtlfwill- 

©CXO  Media  Inc. 


WHO  COVERS  WHAT  WWW.CiO.COIV/Staff 

e-mail  letters@cio.com  phone  508  872-0080 
fax  508  879-7784  address  CIO  Magazine,  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.0.  Box  9208, 
Framingham,  MA  01701-9208  website  www.cio.com 
subscriber  services  866  354-1125  • 

Fax  847  564-9453  •  E-mail  cio@omeda.com 
reprint  services  Keith  Williams  •  PARS  International 
•  212  221-9595  ext.  319  •  E-mail  keith.williams@ 
parsintl.com  rights  and  permission  Yadira  Pizarro  • 
212  221-9595  ext.  231  •  E-mail  yadira@parsintl.com 


8 


SEPTEMBER  15,  2007  |  www.cio.com 


PHOTO  BY  STEVEN  VOTE 


Bring  your  customers 


imi,  •““♦‘si'in a.'  -• 


the  next  big  thing. 


And  the  next.  And  the  next 


And  the  next... 


The  race  to  win  new  customers  is  more  competitive  than  ever.  How  can  cable 
companies  win?  That's  a  question  we're  helping  to  answer  at  Alcatel-Lucent. 
We  are  teaming  with  some  of  the  largest  cable  companies  in  the  world,  providing 
them  with  advanced  multi-service  aggregation  networks  so  they  can  deliver 
premium  consumer  and  business  services  to  their  customers  —  with  carrier-class 
reliability  and  unparalleled  service  velocity.  That's  video  on  demand,  high 
definition  television,  VoIP,  VPN  for  businesses  and  other  cutting-edge  services, 
all  on  the  same  network. 


And  that's  just  part  of  the  story.  We  can  also  apply  our  expertise  as  a  leader  in 
wireless  networks  and  blended  services  to  help  you  expand  your  offering  to  next 
generation  converged  services,  giving  customers  more  reasons  than  ever  to 
choose  cable.  Whether  it's  wireless  or  wireline,  our  solutions  are  so  reliable  you  can 
offer  guaranteed  quality  of  service.  We  deliver  an  infrastructure  so  highly  scalable 
you're  ready  not  just  for  today's  challenges,  but  for  tomorrow's  breakthroughs 
as  well.  That  way,  you've  got  the  market  covered  from  every  angle. 

Because  the  world  is  always  on. 


Alcatel-Lucent.com 


Alcatel*  Lucent 


t’2007  Alcatel-Lucent 


BUSINESS  TECHNOLOGY  LEADERSHIP 


FROM  THE  CEO 


Are  You  Open  to 
Innovation? 

Is  R&D  is  a  core  competency  you  have  to  own?  Not  if  it 
costs  too  much  and  bogs  you  down. 

At  the  CIO  100  Symposium  this  year,  delegates  were 
treated  to  a  plethora  of  ideas,  innovation  and  knowledge 
sharing  that  bordered  on  the  extreme.  Of  all  of  the  issues 
discussed,  I  was  most  intrigued  by  the  concept  of  open 
innovation.  Both  Don  Tapscott,  author  of  Wikinomics,  and 
Dwayne  Spradlin,  president  and  CEO  of  InnoCentive, 
discussed  in  detail  how  the  traditional  practice  of  R&D 
is  not  only  flawed  but  essentially  dead. 

The  central  idea  of  open  innovation,  as  defined  on 
Wikipedia,  is  that  “in  a  world  of  widely  distributed 
knowledge,  companies  cannot  afford  to  rely  entirely  on  their  own  research,  but  should 
instead  buy  or  license  processes  or  inventions  (i.e.  patents)  from  other  companies.  In 
addition,  internal  inventions  not  being  used  in  a  firm’s  business  should  be  taken  outside 
the  company.”  Henry  Chesbrough,  a  professor  and  executive  director  at  the  Center  for 
Open  Innovation  at  Berkeley,  is  credited  with  coining  the  phrase. 

Now  you  might  say  this  sounds  ridiculous,  futuristic  or  plain  scary.  However,  when 
Alan  Lafley,  CEO  of  P&G  and  one  of  the  most  admired  CEOs  in  the  world,  proclaims,  as  he 
did  in  2003,  that  “50  percent  of  all  P&G  discovery  and  invention  could  come  from  outside 
the  company,”  CIOs  and  other  executives  should  take  notice.  This  is  even  more  remarkable 
when  you  think  that  only  one-fifth  of  P&G’s  R&D  came  from  the  outside  in  2002. 

Couple  the  concept  of  open  innovation  with  the  idea,  expressed  at  the  CIO  100  Sym¬ 
posium  by  Randall  Stephenson,  CEO  of  AT&T,  that  in  an  IP-based  world,  the  RPMs  of 
commerce  will  increase  exponentially  over  time,  and  you  need  to  be  thinking  about  how 
you  can  accelerate  your  own  product  development  cycles.  Open  innovation  not  only 
allows  for  massive  collaboration  but  it  also  enables  solutions  and  innovation  to  occur 
at  a  faster  pace. 

This  practice  is  only  going  to  grow  in  acceptance.  It  is  something  that  your  organi¬ 
zation  should  not  only  be  discussing  but  aggressively  adopting.  Be  assured  that  your 
competitors  are. 

To  learn  more  about  this  remarkable  topic,  I  recommend  the  following  websites: 
innovation.net,  innocentive.com,  open-innovation.com  and  wikinomics.com. 


Michael  Friedenberg,  President  and  CEO 

mfriedenberg(a)cio.com 


10  SEPTEMBER  15,  2007  |  www.cio.com 


PHOTO  BY  CHRISTOPHER  HARTING 


president  and  ceo  Michael  Friedenberg 
publisher  Gary  J.  Beach 

CXO  MEDIA  INC 

CIRCULATION 

svp,  circulation  Carol  A.  Spach 
subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 

GENERAL  MANAGER  Mark  Hall 
MANAGING  DIRECTOR,  PROGRAM  SERVICES  Shaw  Lively 
vp.  development  Dexter  Siglin 
managing  dir.,  content  development  Richard  Pastore 
mgr.,  group  services  and  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
senior  architect  Lawrence  Coffin 
director  of  development  Steve  Rovniak 
group  services  manager  Ellen  Friedman 
senior  manager,  member  services  Carrie  Mathews 

PROGRAM  SERVICES  MANAGERS 

Joyce  Dunnells,  Michael  Fahlsing. 

Bill  Roche,  Janet  Williams 
program  specialists  Lisa  Desmarais.  Susan  Hupp 

DEVELOPMENT  MANAGERS  Bob  Diack. 

John  Harrison.  Kathy  Mayer 

development  associate  Kristin  Bradshaw 
sales  associate  Jennifer  Finn 

EXECUTIVE  PROGRAMS 

VP,  EXECUTIVE  programs  Ellen  Daly 
dir.,  event  marketing  Mary  Conroy 
dir.,  event  operations  Deb  Begreen 
senior  conference  producer  Judith  Kittredge 
NATIONAL  SALES  MANAGER  Curtis  Chiu 
event  planner  Sarah  Reagan 
event  coordinator  Bethany  Whiffin 
client  services  specialist  Cress  O'Brien 
client  relations  associate  Erica  Foster 
sales  associate  Nicole  Blackburn 

INFORMATION  SYSTEMS 
idg  dir.  of  information  services  Nancy  Newkirk 
i.t.  manager  Sean  McCracken 
senior  user  support  specialists 
Christopher  A.  Kay,  Thomas  Lupien 
user  services  specialist  Gloria  Lam 
associate  user  support  specialist  James  Brevard 
senior  web  developer  David  Cohen 
web  developer  Sanghee  Seo 

PRODUCTION 

vp,  manufacturing  Chris  Cuoco 
production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

SR.  DIRECTOR,  MARKETING  COMM.  Sue  YanOVitCh 

sr.  marketing  comm,  specialist  Susan  Murray 
marketing  comm,  specialist  Lynn  Holmlund 

RESEARCH 

research  manager  Carolyn  Johnson 
senior  research  analyst  Seanna  Maguire 

ADMINISTRATION 

coo  Matt  Smith 

SENIOR  FINANCIAL  ANALYST,  ONLINE  AND 

integrated  products  Chris  Bernardi 
accounting  specialist  Amy  Small 
executive  assistant  to  the  president  Diane  Martin 
facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 

hr  representative  Pauline  Boyle 


MEDIA  INC. 
INTERNATIONAL  DATA  GROUP 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 

#BPA 

©  CXO  Media  Inc. 


Fujitsu  recommends 
Windows  Vista 
Business. 


New  energy  for  greater  mobility. 

The  LifeBook®  T4200  Tablet  PC:  Energize  your  mobile  workforce 
with  Enterprise-class  reliability. 


The  Fujitsu  LifeBook®  T4200  Tablet  PC  with  Intel®  Centrino®  Duo  Mobile  Technology  reflects  the  Fujitsu  commitment  to  delivering 
the  most  reliable  products.  It’s  manufactured  in-house  so  we  can  maintain  the  highest  quality  standards.  The  Fujitsu  LifeBook 
T4200  Tablet  PC  also  features  the  industry’s  first  bi-directional  LCD  hinge  and  a  brilliant,  12.1"  XGA  display  with  wide  viewing 
angles,  so  it’s  impressive  any  way  you  look  at  it.  And  whether  you  use  its  keyboard  or  powerful  inking  capabilities  and  pen-driven 
navigation,  you  get  the  best  of  both  worlds.  Go  to  us.fujitsu.com/computers/reliability  for  more  information. 


SUPERIOR  CONNECTIVITY  Wi-Fi,  Gigabit  Ethernet, 


BUILT-IN  MODULAR  BAY  add  a  weight-saver, 


modem  and  optional  Bluetooth  2.0 

DUAL-FUNCTIONALITY 

it's  a  notebook  and  a  Tablet  PC 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


media  drive  or  2nd  battery 


Core' 2  Duo 

• _  _J  TM 

inside 


©2007  Fujitsu  Computer  Systems  Corporation.  All  rights  reserved.  Fujitsu,  the  Fujitsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited  Centrino,  Centnno  Logo.  Intel.  Intel  Logo,  ir  it-  is>de 
and  Intel  Inside  Logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of 
Microsoft  Corporation.  All  other  trademarks  are  the  property  of  their  respective  owners. 


We  have  just  one  thing 
to  say  to  everyone  who 
believes  a  SINGLE  platform 
can't  change  EVERYTHING 
about  data  management. 


Staffing  Services 
Team  Services 
Component  Services 
Workforce  Management  Services 
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...which  is  why  we  are  committed  to  bringing  you  innovation, 
expertise,  and  the  nation's  best  talent. 

. 

TEKsystems®  is  proud  to  have  earned  a  reputation  for  offering 
unparalleled  technology  expertise,  in  fact,  as  a  leading 
technology  services  company,  our  commitment  to  creating 
and  upholding  the  highest  standards  is  only  exceeded  by 
our  passion  to  satisfy  customers  through  superior  service. 

Deploying  expertise  with  the  right  skills  and  methodology 
to  manage  complex  technology  implementations  is  our 
primary  goal.  We  constantly  challenge  ourselves  to  build 
upon  our  robust  portfolio  of  services,  and  deliver  top-tier  talent 
capable  of  implementing  virtually  any  form  of  technology. 

Visit  us  at  www.teksystems.com  for  more  information, 
or  call  888-835-7978  to  arrange  to  meet  with  an  account 
manager. 

people  you  can  trust,  results  you  can  count  on 

systems. 
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focus.  We  thank  them  for  their  generosity  in  sharing  their  insight  into  the 
world  of  IT  leadership. 
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TEKsystems'  Thought  Leadership  Series 


How  CIOs  in  Mid-Sized 
Enterprises  Can  Close 
the  IT  Knowledge  Gap 


TEKsystems’  Thought  Leadership  Series 
White  Paper  -  Summer  2007 


"Surprisingly,  there  appears 
to  be  a  significant  knowledge 
gap  on  what  it  takes  to  be  a 
successful  CIO  in  a  mid-sized 
enterprise." 

As  the  premier  provider  of  Technology 
Execution  services,  we  offer  expertise 
to  thousands  of  CIOs  everyday.  It  is  a 
privilege  to  support  organizations  of 
all  sizes,  and  in  this  capacity,  we've 
uncovered  some  significant  evidence 
suggesting  CIOs  in  mid-sized  enterprises 
are  simply  not  receiving  their  fair  share 
of  attention. 

Understanding  your  business  as 
insiders— recognizing  the  resource  and 
financial  restraints  CIOs  must  work 
around  to  get  their  jobs  done— is  what 
makes  such  insights  especially  valuable. 
To  learn  more,  view  our  white  paper  online 
at  http://whitepaper.teksystems.com. 

Our  goal  is  to  become  a  valuable 
contributor  to  your  business.  And  our 
Thought  Leadership  Series  is  one  more 
way  to  demonstrate  that  commitment 
to  you. 

http://whitepaper.teksystems.com 
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systems. 
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All  we  are  saying  is  give  perfectly 
good  hardware  a  chance. 

VoIP  is  the  future.  So  step  into  it. 

Not  by  ripping  and  replacing,  but  by 
sticking  with  the  here  and  now.  It's 
possible  because  now  moving  to  VoIP 
isn't  about  hardware. 

■  •  ,v£*  '  f-. 

It's  about  software. 

You  can  keep  your  hardware — your 
PBX,  your  gateways,  even  your  phones. 
Simply  move  to  VoIP  with  software. 
Software  that  integrates  with  Active 
Directoryf  Microsoft*  Office,  Microsoft 

■  .  .  ^*7/ Vi, 

Exchange  Server,  and  your  PBX. 

Maximize  your  current  PBX  and 
phone  investment  and  make  it  all  part 
of  your  new  software-based  VoIP 
solution  from  Microsoft.  Your  hardware 
is  ready  when  you  are.  Learn  more  at 
microsoft.com/voip 


Your  potential .  Our  passion. 

Microsoft 
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They  can’t  even  see  the  past,  much  less  the  future. 

But  you  can.  With  proven  business  intelligence  and  analytic  software  from  SAS 


www.sas.com/goldfish 
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F  i  ve  Yea  rs  Afte  r  Sa  r  box , 
Is  IT  Better  Off? 


compliance  Paul  Sarbanes  and 
Michael  Oxley  have  left  Congress,  but 
they’re  never  far  from  the  thoughts 
of  CIOs  responsible  for  making  their 
companies’  financial  systems  produce 
accurate  data.  A  favorite  kvetch  is  the 
high  cost  of  complying  with  the  Sar- 
banes-Oxley  Act  of  2002.  But  CIOs 
are,  in  some  ways,  now  better  off. 

For  the  past  five  years,  CIOs  have 
dealt  with  being  micromanaged  by 
colleagues  outside  of  IT.  They’ve 
suspected  a  conspiracy  by  CFOs 
to  undermine  them.  They’ve  been 
inundated  by  vendors  with  fabulous 
claims  of  compliance-in-a-box  and 
they’ve  listened  to  former  Federal 
Reserve  Chairman  Alan  Greenspan 


decry  Sarbanes-Oxley  as  a 
“nightmare”  that  should  be 
rewritten. 

But  looking  back,  the  rules 
that  Sarbanes,  a  former  Senate 
Democrat  from  Maryland,  and 
Oxley,  a  former  Republican 
representative  from  Ohio, 
wrote  to  make  U.S.  companies 
more  accountable  for  their 
financial  data  also  have  lifted 
the  career  trajectories  of  some 
CIOs,  says  Lee  Dittmar,  a 
principal  at  Deloitte  Consulting  who 
oversees  enterprise  governance. 

Yes,  Dittmar  says,  Sarbanes-Oxley 
burdened  technology  departments  by 
forcing,  for  example,  more  detailed 


reporting  about  how  software  proj¬ 
ects  affect  a  company’s  financial  data. 
IT  also  now  has  to  work  side  by  side 
with  internal  and  external  auditors, 
and  the  finance  Continued  on  Page  20 
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Wikia  Throws  Google  a  Curveball 


iiimm 


search  Google  and  other  search  engines  face  far  more 
than  just  a  new  rival  in  Wikia:  They  face  the  prospect  of  hun¬ 
dreds,  even  thousands,  of  new  competitors. 

The  Wikia  search  engine  project  will  enter  the  open- 
source  domain,  drastically  reducing  the  cost  for  just  about 
anyone  to  make  a  search  engine,  says  Gil  Penchina,  CEO 
of  Wikia.  Instead  of  paying  millions  to  get  a  site  going,  new 
search  companies  will  find  key  items  free  online,  he  says. 

"In  search,  it  still  costs  about  $5  million  to  $10  million  to 
build  a  site,”  says  Penchina.  “We  want  to  make  it  possible  for 
anyone  to  build  a  search  site  for  $500.  We  don’t  view  Google 
as  the  competition,  we  view  cost  as  the  competition.” 

The  project,  started  by  Wikipedia  cofounder  Jimmy 
Wales,  consists  of  four  components:  the  indexing  of  the 
Web,  a  search  engine  application,  a  ranking  algorithm  and  a 
collaborative  filter  system. 


One  of  the  most  expensive  components  of  a  search 
engine  is  the  effort  to  index  the  Web.  Wikia  believes  its 
crawl  of  the  Web  will  cost  nearly  nothing,  because  it’s  ask¬ 
ing  Internet  users  to  help  out  by  downloading  Web  crawling 
software  from  Grub,  which  will  use  their  computers  during 
idle  time  and  send  results  back  to  Wikia  for  the  index.  So  far 
a  thousand  people  have  downloaded  the  application,  and 
Penchina  is  hoping  for  100,000  or  more. 

While  the  algorithms  to  determine  search  rankings  are 
usually  secret  recipes,  Wikia  plans  to  post  its  algorithm 
on  the  Internet  for  free,  so  anyone  can  see  how  results  are 
determined. 

The  collaboration  part  of  the  project  will  have  users  sort 
through  and  filter  webpages.  This  adds  a  human  touch,  and 
Wikia’s  founders  hope  that  human  touch  will  lead  to  better 
Internet  searches.  -Dan  Nystedt 
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Wanted:  More  ROI  on 
Innovation  Efforts 
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i  n  n  o  vat  i  o  n  Innovation  may  be  today’s  business  mandate,  but 
that  doesn't  mean  everyone's  good  at  it.  So  finds  the  fourth  annual 
global  survey  and  report  on  innovation  by  the  Boston  Consulting  Group 
(BCG),  which  points  to  widespread  executive  frustration  with  the  return 
on  innovation  investments.  That  said,  respondents  to  the  survey  (2,500 
worldwide  executives)  say  they  know  that  business  performance  and 
growth  hinge  on  innovation.  The  highlights: 

Innovation’s  importance  grows.  Companies  deemed  innovative  by 
respondents  (Apple  and  Google  top  the  list)  outperform  their  peers  by 
nearly  400  basis  points  per  year  in  terms  of  stock  price. 

Dissatisfaction  with  innovation  spending.  Satisfaction  with  returns 
on  innovation  spending  has  fallen.  Last  year,  52  percent  of  respondents 
were  satisfied.  This  year?  Just  46  percent. 

Biggest  obstacles  to  innovation.  “Risk-averse  corporate  culture"  (38 
percent)  and  “overly  lengthy  development  times”  (36  percent)  were  the 
most-reported  problems  that  prevented  better  innovation  returns.  And 
54  percent  of  executives  said  their  companies  moved  from  idea  genera¬ 
tion  to  sales  too  slowly. 

Metrics  needed.  The  metrics  that  could  be  most  appropriate  to  drive 
better  performance,  according  to  the  study,  are  used  the  least:  time  to 
market  (used  by  18  percent)  and  return  on  innovation  investment  (used 
by  22  percent).  What  metrics  are  commonly  used?  Customer  satisfac¬ 
tion  (57  percent)  and  overall  revenue  growth  (51  percent). 

Most  satisfied.  Fifty-one  percent  of  executives  at  technology,  tele¬ 
communications  and  travel  companies  were  satisfied  with  the  results 
of  their  innovation  spend.  Least  satisfied:  execs  from  financial  services 
(41  percent)  and  retailers  (43  percent). 

Global  innovation  grows.  About  three-quarters  of  Asian  (76  percent) 
and  European  (74  percent)  companies  report  they’ll  be  increasing 
innovation  spend,  while  only  64  percent  of  North  American  execs  will 
increase  theirs.  -Diann  Daniel 


Boom  Time  for  Hackers 


security  It’s  a  good  time  to  be  a  malicious  hacker.  While  it’s  not 
a  time  of  revolutionary  new  techniques  in  hacking  for  profit,  business 
is  booming  for  the  established  methods.  The  good  guys  continue  to  lag 
badly  behind,  despite  increased  investment  in  information  security 
defenses.  A  report  by  antivirus  software  maker  Sophos  calls  the  recent 
uptick  in  malware  a  “deluge.” 

By  April  2007,  more  than  250,000 websites 
were  hosting  malicious  code.  More  than  8,000 
are  added  to  that  total  every  day. 

SOURCE:  Sophos 
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Continued  from  Page  19 

group,  to  identify  how  accounting  data 
is  handled  electronically  and  manually. 
Then  IT  must  tighten  those  processes  to 
prevent  fraud. 

“It  has  been  painful,”  Dittmar  says. 
For  many  companies,  documenting, 
testing  and  maintaining  controls  to  the 
extent  required  was  a  major  change. 

But  as  companies  have  struggled  to 
follow  Sarbanes-Oxley,  CIOs  have  had 
the  chance  to  talk  with  senior  execu¬ 
tives  specifically  about  how  IT  affects 
the  business,  says  Patty  Azzarello,  a 
CIO  careers  consultant  in  Palo  Alto, 
Calif.  “This  conversation,  in  many  cases, 
opened  the  door  for  CIOs  to  get  more 
airtime  in  budget  and  planning  discus¬ 
sions,  which  is  vital  if  they  want  to  have 
an  impact  on  corporate  strategy.” 

Compliance  costs  depend  on  your 
company’s  complexity  and  past  history. 
But  generally,  costs  have  been  declin¬ 
ing,  according  to  a  recent  survey  from 
Financial  Executives  International 
(FEI),  a  professional  association.  Total 
average  cost  for  a  company  to  comply 
with  Section  404— which  governs  inter¬ 
nal  controls— was  $2.9  million  last  year, 
down  23  percent  from  2005,  FEI  found. 

Insurance  giant  American  Inter¬ 
national  Group  (AIG)  now  spends  30 
percent  to  40  percent  less  per  year  than 
it  did  in  2003,  when  it  embarked  on 
compliance,  says  Anders  Land,  vice 
president  of  internal  control  in  the 
comptroller’s  unit. 

“Instead  of  having  a  defined  num¬ 
ber  of  consultants  doing  the  project, 
it  becomes  10  percent  of  an  internal 
employee’s  work,”  he  says.  So  it’s  now 
harder  to  say  what’s  a  Sarbanes-Oxley 
cost  and  what  isn’t,  he  says.  “That’s  posi¬ 
tive.  It  means  the  performance  of  good, 
effective  controls  is  part  of  company 
culture,  and  that’s  the  whole  purpose  of 
the  law.” 

-Kim  Nash 
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Having  data  storage  problems? 

Let  CDW  turn  them  into  data  storage  solutions. 


EMC  Celerra8  NS20 _ 

•  Supports  NAS,  iSCSI  and  Fibre  Channel 
SAN  connectivity 

•  Simultaneously  connects  to  multiple  types 
of  storage  networks 

•  Delivers  scalable  performance  and  a  high 
level  of  reliability 

•  Celerra  Startup  Assistant  software  allows 
system  to  go  from  power  up  to  production 
in  as  little  as  15  minutes 

•  Allocates  storage  capacity  quickly  via 
automated  volume  management  with  thin 
provisioning  capabilities 

EMC2  CDW 1276366 

where  information  lives 


EMC  EmaiIXtender _ 

•  Archiving  solution  that  helps  retain  and 
manage  e-mail  as  a  record  in  order  to 
achieve  regulatory  compliance,  adhere  to 
organization  retention  policies  and  support 
legal  discovery  activities 

•  Supports  Microsoft®  Exchange,  Lotus 
Notes'/Domino®,  Bloomberg  Mail  and 
SMTP-based  e-mail 

•  Also  supports  environments  with  mixed  e-mail 
applications  and  all  EMC®  storage  platforms 


EMC2  CDW 1053039 

where  information  lives 


EMC  DiskXtender  for  Windows * 

•  Automatically  migrates  infrequently  accessed 
data  to  more  cost-effective  storage  — 

disk,  tape  or  optical 

•  Significantly  shortens  backup  and 
recovery  windows 

•  Recognizes  data  value,  retention  and 
compliance  requirements 

•  Reduces  storage  costs  while  optimizing  IT 
resources 

•  Provides  seamless  data  access  regardless 
of  file  location 


EMC2  CDW  987362 

where  information  lives 


Call  your  CDW  account  manager  for  pricing. 


We're  there  with  the  storage  solutions  you  need. 

Today,  with  more  data  being  stored,  more  assets  are  at  stake.  And  there  is  a  big  difference  between  storage 
and  secure  storage.  At  CDW,  we're  there  with  storage  and  backup  specialists  that  will  work  with  you  to  find 
the  right  solution  for  your  setup.  Then,  we'll  draw  from  a  full  line  of  top-name  storage  technology  so  you  can 
increase  capacity  and  reduce  risk.  So  call  today  and  make  sure  your  data  and  your  company  are  secure. 


CDW.com 


800.399.4CDW 


Offer  subject  to  CDW’s  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2007  CDW  Corporation 
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For  Beijing 
Olympics, 
Deadline 
Looms  Large 

2008  OLYMPICS  August 
marked  the  one-year  point  until  the 
2008  Olympic  Games  begin  in  Bei¬ 
jing.  Standing  on  the  street  in  the  Chi¬ 
nese  capital,  can  you  tell?  Yes  and  no. 

Construction  cranes  still  tower 
overthe  city,  and  building  continues 
apace— but  that’s  not  a  significant 
change  over  the  past  10  or  even 
20  years.  More  new  cars  traverse 
Beijing’s  streets— an  estimated  700  to 
1,000  per  day— and  with  them  comes 
a  Dickensian  haze  of  smog.  June 
2007  had  the  worst  air  quality  for  that 
month  in  seven  years.  When  are  the 
opening  ceremonies,  again? 

In  terms  of  technology,  many 
question  marks  remain  about  what 
Beijing  will  offer.  To  date,  China  has 


not  issued  third-generation  (3G)  tele¬ 
phony  licenses.  All  indications  are  that 
China  will  use  its  own  time  division- 
synchronous  code  division  multiple 
access  3G  technology,  and  that  its 
deployment  will  be  limited. 

Also  discussed  is  citywide  wire¬ 
less  Internet,  which  may  be  more  of  a 
move  toward  fourth-generation  tech¬ 
nology  than  just  a  stop-gap  imple¬ 
mentation. 

Beijing  announced  it  would  ban 
a  million  vehicles— one-third  of  the 
city’s  cars— from  Aug.  7  to  Aug.  20 
as  a  trial  run  for  next  year,  but  no  evi¬ 
dence  of  that  ban  has  emerged.  New 


Under  construction:  Beijing  not 
quite  ready  for  its  Olympic  site  closeup 

subway  lines  planned  for  the  games 
will  not  open  until  next  year. 

Olympic  merchandise  is  every¬ 
where,  and  China’s  media  buzz  with 
mentions  of  the  games.  But  the 
capital’s  long-stated  goal  of  having 
English-speaking  taxi  drivers  for  the 
games  seems  to  be  a  pipe  dream. 

One  year  off,  China  still  has  a  lot  of 
work  to  do  before  an  expected  half¬ 
million  foreign  visitors  arrive  and  bil¬ 
lions  of  television  viewers  tune  in. 

-Steven  Schwankert 
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Fo  r  m  e  r  G  i  1 1  ette  C  EO  S  h  a  res  Keys  to  S  u  ccess 


book  review  If  you  want  a  view  into  what  makes  a 
big-time  CEO’s  mind  tick,  you  may  enjoy  James  Kilts’s  new 
book,  Doing  What  Matters.  Kilts  knows  his  way  around 
being  a  high-profile  leader:  As  chairman  and  CEO  of  Gil¬ 
lette,  he  oversaw  a  results-oriented  renaissance  at  the  con¬ 
sumer  products  giant  before  guiding  the  firm  to  a  merger 
with  Procter  &  Gamble  in  2005.  Prior  to  that,  he  served  as 
CEO  of  Kraft  Foods  and  Nabisco. 

Kilts,  who’s  now  a  founding  partner  at  private  equity 
firm  Centerview  Partners,  uses  the  book  to  share  his  les¬ 
sons  for  current  and  aspiring  executives  on  what  really 
matters  to  personal  and  business  success. 

Most  of  these  lessons  will  resonate  with,  rather  than  sur¬ 
prise,  seasoned  IT  executives.  For  example,  Kilts  says  don’t 
underestimate  the  value  of  mentors  or  the  value  of  showing 
loyalty  to  your  staff.  Among  his  other  keys  to  success,  he 
counts  a  “continuous  dissatisfaction  with  the  status  quo” 
and  a  belief  that  small  moments,  like  a  casual  lunch  to  dis¬ 
cuss  current  problems,  will  stay  with  your  subordinates. 


[Doing  What  Matters 

James  Kilts,  with  John 
Manfredi  and  Robert  Lorber 
Crown  Business, 

Sept.  2007,  $27.50 

What’s  most  interesting  about 
the  book  is  not  its  bullet  point  les¬ 
sons  but  its  narratives.  You  will 
get  colorful  glimpses  into  Kilts’s 
struggles  at  Nabisco  and  Gillette, 
his  personal  accounts  of  talking  with  Warren  Buffett  (a  Gil¬ 
lette  board  member)  and  his  tangles  with  the  national  and 
Boston-based  media  during  Gillette’s  merger  with  P&G. 

In  advance  of  his  book  publishing.  Kilts  shared  some 
specific  advice  for  aspiring  IT  executives  in  an  interview  for 
CIO.com:  See  “My  Keys  to  Career  Success,”  www.cio.com/ 
article/126403.  -Laurianne  McLaughlin 
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THROW  THE 
FIRST  PUNCH. 

Successful  companies  don’t  flinch.  They  confidently  assert  their  presence  in 
the  marketplace  and  refuse  to  let  fear  paralyze  their  ambition.  From  consulting 
to  systems  integration  to  outsourcing,  Unisys  Solutions  for  Secure  Business 
Operations  enable  you  to  be  more  innovative,  more  competitive  and  as  bold 
as  you  want  to  be.  Let  the  competition  block  for  a  change. 


Security  unleashed.  UNISYS 


Secure  Business  Operations,  irnagine 


www.securityunleashed.com 


©  2007  Unisys  Corporation.  Unisys  is  a  registered  trademark  of  Unisys  Corporation. 
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BY  MARGARET  LOCHER 


Supply  Chain’sMissing  Link 

Cost-minded  supply  chain  strategies  don’t  advance  the  business 
priority  of  improving  customer  service 

It's  all  about  the  customer:  71  percent  of  business  operators  said  their  top  busi¬ 
ness  objective  is  increased  loyalty  and  customer  satisfaction,  according  to  a  recent 
Manufacturing  Insights  survey  of  800  companies.  But  their  number-one  supply 
chain  objective  is  to  reduce  manufacturing  and  logistics  costs.  “That’s  a  big  discon¬ 
nect,”  says  Kim  Knickle,  program  director  and  lead  analyst  at  Manufacturing  Insights. 

If  businesses  don’t  align  their  strategic  objectives  with  supply  chain  priorities,  IT 
investments  in  supply  chain  will  not  be  effective,  Knickle  says.  One  of  the  reasons  for 
the  misalignment  of  goals  could  be  that  CIOs  are  focused  on  more  day-to-day  issues, 
she  says.  IT  may  need  to  be  more  proactive  about  showing  the  business  ways  that  its 
supply  chain  can  improve  customer  strategy  goals. 

"CIOs  aren't  always  invited  to  conversations,”  Knickle  says.  “IT  needs  to  talk  to 
the  business  to  ensure  IT  investments  align  with  corporate  objectives.”  The  survey 
showed  that  business  operators  want  more  collaborative  processes  within  the  orga¬ 
nization,  says  Knickle. 

Historically,  strategy  development  within  each  business  function  was  a  siloed  pro¬ 
cess,  says  Simon  Ellis,  research  program  director  at  Manufacturing  Insights:  “But  as 
technology  is  increasingly  outsourced,  collaboration  becomes  more  important.” 

This  is  especially  true  when  business  constituents  don’t  understand  that  the  IT 
budget  is  already  limited.  Ellis  says  most  IT  budgets  haven’t  increased  during  the 
past  five  years.  "IT  is  under  greater  pressure  to  stretch  their  dollars,"  he  says,  noting 
that  the  supply  chain  can’t  be  a  center  of  innovation  without  the  proper  budget. 

"The  business  must  be  willing  to  see  IT  from  more  than  a  service  and  cost-saving 
angle,”  Knickle  says. 


Best 

Practices 


Show  the  board  that  the 
supply  chain  effort  can  do 
more  than  reduce  costs. 

Detail  the  business  value  of 
any  supply  chain  innovation 
you  pitch. 

Keep  the  customers 

in  the  front  of  your  mind. 
Emphasize  supply  chain 
changes  that  could  improve 
the  customer  experience. 

Create  a  strategic  frame¬ 
work  for  IT  decision  making. 
In  times  of  cost  pressure, 
this  gives  you  boundaries  for 
choosing  among  business 
requests. 


What’s  Your  Supply  Chain  Focus? 


What's  your  lop 
supply  chain  priority? 


48% 

of  businesses  say  reducing  material, 
manufacturing  and  logistics  costs. 
But  where’s  customer  service? 


What  IT  investments  will  be  most 
important  to  your  global  supply 
chain  performance  in  the  next 
two  years? 

1  Advanced  supply  network  planning 
.  or  manufacturing  scheduling 

2  Advanced  inventory  management 
.  or  optimization 


3. 


Supply  chain  execution,  logistics 
control  and  management 


SOURCE:  Manufacturing  Insights 
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ALIGNING 

IT  AND  BUSINESS 


Best  Practices  for  Bridging  the  Eternal  Gap 


Even  after  years  of  attention,  the  issue  of  aligning  IT 
with  business  still  roils.  How  can  CIOs  make  more 
progress  in  their  efforts? 

When  IDG  Research  Group  surveyed  300  business 
and  IT  executives  in  the  spring  of  2007,  respondents  over¬ 
whelmingly  cited  aligning  IT  with  business  objectives  as 
their  No.  1  IT  priority.  More 
than  half  say  that  the  impor¬ 
tance  of  aligning  IT  with  busi¬ 
ness  goals  will  only  increase 
over  the  next  18  months.  At 
the  same  time,  only  1 3  percent 
say  they  have  been  very 
successful  at  aligning  IT  and 
business  goals,  and  only 
9  percent  say  they’ve  been  very 
successful  at  automating  IT  operations  and  processes. 

The  problem  is  that  business  alignment  often  deter¬ 
mines  IT  spending  levels.  “Our  IT  spending  is  limited  to 
supporting  the  business  goals,”  says  Roger  Jaffe,  CIO  of 
APS  Healthcare,  a  provider  of  specialty  health  care  solu¬ 
tions.  “Unless  I  ask  for  an  appropriation  that  supports  a 
current  business  goal,  the  project  is  not  going  to  be 
approved.” 

Hurdles  to  Alignment 

One  challenge  is  that  the  true  business  goals  of  the  enter¬ 
prise  are  not  always  well  articulated  within  the  organiza¬ 
tion.  And  despite  the  fact  that  technology  has  become  so 
critical  to  day-to-day  operations,  at  some  organizations  IT 
is  still  treated  as  a  cost  center.  Frequently,  IT  management 
and  staff  are  not  properly  trained  in  business  issues. 

In  addition,  real  and  perceived  boundaries  exist 
between  the  IT  department  and  the  lines  of  business — 
and  many  of  these  boundaries  are  organizational.  In  some 
cases,  IT  is  separated  from  the  business  side,  which  still 
perceives  that  it  exists  only  to  maintain  and  update 
computer  systems. 


Another  challenge  is  that  many  organizations  lack 
the  automation  necessary  to  adapt  to  changing  needs.  As 
a  result,  the  IT  staff  is  more  focused  on  performing 
manual  processes  than  participating  in  strategic  business 
initiatives.  That  is,  IT  spends  so  much  time  supporting 
day-to-day  operations  that  it’s  difficult  for  it  to  address 

long-term  business  goals. 

“Lots  of  times  we  tend  to 
focus  on  where  we  are 
right  now  and  in  the  very 
short-term  future,  rather 
than  projecting  two  to 
three  years  down  the  road 
where  we  want  to  be,”  says 
Chris  Rapp,  director  of 
technology  at  Sovereign 
Bank.  “We  need  to  forecast  a  little  bit  better.  We  could 
line  up  the  business  goals  along  with  what  steps  we  would 
need  to  take  on  the  IT  side.” 

Best  Practices 

For  organizations  to  have  any  chance  of  aligning  IT  with 
business  goals,  senior  executives  must  clearly  articulate  the 
organization’s  business  objectives  to  key  stakeholders,  and 
update  those  goals  on  a  regular  basis  to  reflect  changing 
market  conditions. 

IT  management  needs  to  be  kept  aware  of  these 
business  goals.  That  might  even  mean  giving  the  CIO  or 
another  high-level  technology  executive  a  seat  on  the 
board  of  directors.  But  at  the  very  least,  the  top  IT  execu¬ 
tive  should  be  a  key  architect  of  processes  that  support 
business  growth. 

About  CI02CI0  Perspectives:  This  peer-based  thought 
leadership  program  analyzes  quantitative  research  and 
tests  it  via  qualitative  interviews  with  actual  CIOs.  The 
resulting  executive  insight  is  then  disseminated  via 
CXO’s  multimedia  assets.  To  learn  more  about  CI02CI0 
Perspectives,  please  contact  mavery@cxo.com. 
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In  addition,  organizations  must  try  to  automate 
processes  wherever  possible.  The  more  tasks  that  can  be 
automated,  the  better  businesses  will  be  able  to  react  to 
their  changing  needs  and  the  requirements  of  their 
customers.  Automation  enables  the  IT  staff  and  end  users 
to  spend  more  time  on  strategic  initiatives  and  less  time 
grappling  with  manual  processes.  This  enhanced  produc¬ 
tivity  can  have  a  direct  impact  on  the  bottom  line. 

Automation  is  a  key  goal  for  180  Medical,  a  medical 
equipment  supplier.  The  company  is  deploying  a  ware¬ 
house  management  system  and  an  electronic  patient 
records  system  to  automate  its  processes. 

“One  of  our  objectives  is  to  leverage  technology 
so  that  we  can  streamline  the  existing  process,”  says  Mike 
Harman,  CIO.  “We  still  have  a  lot  of  paper-based 
processes.  A  lot  of  people  work  hard  but  still  kind  of 
spin  their  wheels.  We  think  we  can  build  in  a  lot  more 
efficiencies.” 


Benefits  of  Automation 

As  with  automation  at  the  desktop  level,  many  tasks  can 
be  automated  in  the  data  center.  As  the  heart  of  the  organ¬ 
ization,  the  data  center  must  be  flexible  and  adaptable. 
For  instance,  IT  should  set  up  data  center  resources  so 
that  they  automatically  reconfigure  themselves  to  meet 
rising  demands  on  the  corporate  Web  site. 

The  IDG  Research  survey  shows  that  organizations 
see  a  variety  of  benefits  as  a  result  of  automating  IT  oper¬ 
ations  and  processes.  Those  respondents  whose  organiza¬ 
tions  are  using  automation  cite  benefits  such  as  an 
increase  in  IT  productivity  (70  percent  of  respondents), 
increase  in  end-user  satisfaction  with  IT  (54  percent), 
improved  return  on  IT  investments  (52  percent)  and 
reduced  costs  (50  percent). 

In  addition  to  automation,  it’s  critical  to  put  in  place 
IT  processes  that  will  align  to  the  business.  For  example, 
organizations  can  provide  higher  service  levels  to  the 
accounting  department  at  the  end  of  a  quarter,  when  the 
department  is  busiest. 

Frameworks  such  as  the  IT  Infrastructure  Library 
(ITIL)  and  Control  Objectives  for  Information  and 
related  Technology  (COBIT)  have  emerged  globally  as 
best  practices  to  help  improve  IT  services  and  create 
processes  that  match  the  business  needs.  The  frameworks 
enable  organizations  to  speak  a  common  IT  language  so 
that  everyone  understands  the  processes.  They  also 
provide  a  proven,  clear  standard  for  building  services  that 
align  to  both  business  and  IT. 

Yet  surprisingly  few  organizations  have  adopted  or 
are  planning  to  adopt  ITIL  or  COBIT,  according  to  the 
survey.  Only  1  percent  say  they  have  fully  deployed  the 
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Novell  Alignment  Solutions 

Organizations  can  deploy  technology  solutions  to  help  automate 
processes  and  improve  the  delivery  of  IT  services. 

Novell  provides  several  solutions  that  can  help  organiza¬ 
tions  achieve  automation.  Systems  Management  from  Novell  is  a 
comprehensive  set  of  integrated  ITIL-based  services  that  orches¬ 
trate  IT  management  and  business  processes  across  diverse 
server  and  client  platforms. 

Novel!  ZENworks  is  a  comprehensive  set  of  integrated  tools 
that  automate  IT  management  and  business  processes  across 
the  life  cycle  of  desktops,  laptops,  servers  and  handhelds. 
ZENworks  automatically  enforces  business  and  IT  policies  to 
dynamically  manage  and  maintain  IT  resources  based  on  user 
and  asset  identities. 

ZENworks  and  Systems  Management  work  from  the  desktop 
to  the  data  center,  enabling  organizations  to  determine  how  well 
IT  delivers  the  full  spectrum  of  services  to  support  the  business. 
These  technologies  help  CIOs  find  more  relevant  metrics  that 
show  business  alignment,  service  quality  that  supports  alignment 
and  cost  efficiency  in  delivering  service  to  the  business. 

Ifflli  <11  Hill  II  l|  Mill'll 

frameworks,  and  only  about  one-third  say  they  are  at 
some  stage  of  planning  deployment  or  implementing 
them.  This  dearth  of  adoption  may  be  one  of  the  reasons 
why  so  few  respondents  report  success  at  alignment  and 
automation. 

In  addition  to  these  practices,  organizations  can 
implement  technology  solutions  that  help  IT  better  serve 
business  needs  and  goals  (see  sidebar  above). 

Aligning  IT  with  business  goals  is  more  important 
than  ever,  but  it’s  not  an  easy  process.  Organizations  that 
use  a  combination  of  best  practices  and  technology 
solutions  can  make  IT  more  business  savvy,  automate 
tasks  and  use  applications  more  efficiently  to  meet  busi¬ 
ness  goals. 

As  with  other  key  initiatives,  IT  and  business  align¬ 
ment  requires  constant  communication  between  technol¬ 
ogy  and  business  executives.  Rapp  says  he  tries  to  be  as 
detailed  as  possible  in  documenting  and  outlining  technol¬ 
ogy  initiatives  when  presenting  them  to  the  business  units. 

“I  want  to  make  sure  that  all  departments  know,  at 
least  from  stuff  that  affects  the  IT  department,  exactly 
what  we’re  doing  to  keep  everyone  up  to  speed  and  on 
the  same  page,”  Rapp  says.  B 


Go  to  www.cio.com/whitepapers/alignment 

to  obtain  a  free  download  of  the  complete  white  paper 
“Aligning  IT  and  Business:  Bridging  the  Eternal  Gap". 
Based  on  a  major  research  survey  by  IDG  Research  Services 
featuring  in-depth  discussions  with  CIOs  at  midsize  and 
enterprise  class  organizations,  this  just-released  white  paper 
will  help  Cl  Os  analyze  their  IT  infrastructure  so  that  it 
runs  more  effectively  and  efficiently,  drawing  on  peer 
insights  to  create  highly  available  and  manageable  systems. 
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IDENTITY  IS  CENTER 


Walk  away  with  more  information,  more  perspective  and  more  profiles  of  real 
world  deployments  by  those  who  did  them  than  at  any  other  conference! 


Interact  with  peers  in  over  40  hours  of  in-depth  discussion  providing  you  with  perspective  and 
analysis  of  how  digital  identity  is  being  leveraged  to  help  integrate,  manage  and  secure  the  network. 
Sort  the  trends  and  discover  the  truth  about  what  works  and  what  doesn’t. 


Topics  to  include: 

•  Deploying  identity-based  network 
access  control 

•  Using  identity  to  achieve  compliance 

•  Authentication  as  risk  management 

•  How  identity  fits  into  SOA 

•  Understanding  OpenID  and  CardSpace 

•  Achieving  "anywhere  access"  with  E-SSO 

•  Understanding  successful  federated 
identity  deployments 


Role  Management  as  the  lynchpin  of 
scaling  identity 

Integrating  machine  identity  into  an 
identity  architecture 

Addressing  challenges  in  identity  and 
the  telco  space 

Overcoming  hurdles  specific  to  identity  and 
financial  services 

Using  identity  to  address  healthcare 
specific  concerns 


Register  now  for  the  6th  annual  Digital  ID  World  Conference  and  take  advantage  of  the  early 
registration  discount — reference  Priority  Code  AD  and  attend  the  conference  for  $995.  This  offer 
expires  September  21, 2007. 


Digital  ID  World.  Real  World  Deployments.  Real  World  Perspective. 

Visit  www.digitalidworld.com 
or  call  800-366-0246  to  register. 
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management  software  combines  drives 
from  multiple  vendors  as  if  they  were  one 
virtual  drive,  letting  Eteheverry  avoid  get¬ 
ting  locked  in  to  the  expensive,  proprietary 
drives  that  array-based  storage  systems 
often  require. 

Although  storage  virtualization  technol¬ 
ogy  is  fairly  new,  it’s  quickly  gaining  trac¬ 
tion  in  the  enterprise.  In  2006, 20  percent 
of  1,017  companies  surveyed  by  Forrester 
Research  had  adopted  storage  virtualiza¬ 
tion.  By  2009,  50  percent  of  those  enter¬ 
prises  expect  to.  And  the  percentages  are 
even  higher  for  companies  with  20,000 
or  more  employees,  the  survey  notes:  34 
percent  of  such  firms  had  deployed  storage 
virtualization  in  2006,  and  that  will  climb 
to  67  percent  by  2009. 


original  portions  of  changed  data  and  make 
it  easier  to  go  back  to  the  original  version. 
All  these  activities  have  become  harder  to 
accomplish  using  traditional  storage  man¬ 
agement  techniques  as  data  volumes  surge 
and  time  for  backup  chores  decreases. 

Because  storage  virtualization  technol¬ 
ogy  used  for  these  purposes  copies  just  the 
individual  parts  of  changed  data,  not  entire 
files  or  even  drive  volumes  as  in  traditional 
host-based  storage  architectures,  these 
data-protection  activities  are  faster  and  tax 
the  network  less.  “You  end  up  transferring 
40  or  50  percent  less,  depending  on  the 
data  you  have,”  says  Ashish  Nadkarni,  a 
principal  consultant  at  the  storage  consul¬ 
tancy  GlassHouse  Technologies. 

This  efficiency  lets  a  CIO  contemplate 


“Everythingyou  thought  you  knew 
about  storage  management  you  need 
to  not  bring  to  the  party.” 

-Chris  Walls,  president  of  IT  services,  healthcare  data  management  firm  PHNS 


But  storage  virtualization  requires  a 
clear  strategy,  Eteheverry  says.  “A  lot  of 
people  don’t  think  much  about  storage,  so 
they  don’t  do  the  planning  that  can  save 
costs,”  he  says.  Because  storage  virtualiza¬ 
tion  is  a  very  different  approach  to  manag¬ 
ing  data,  those  who  don’t  think  it  through 
may  miss  several  of  the  technology’s  key 
productivity  and  cost-savings  advantages, 
concurs  Nik  Simpson,  a  storage  analyst  at 
the  Burton  Group. 

Better  Backups 

Strategically,  storage  virtualization  brings 
the  most  value  to  resource-intensive  stor¬ 
age  management  chores  meant  to  protect 
data  and  keep  it  available  in  demanding 
environments.  These  chores  include  the 
following:  replication  to  keep  distributed 
databases  synchronized;  mirroring  to  keep 
a  redundant  copy  of  data  available  for  use  in 
case  the  primary  copy  becomes  unavailable; 
backup  to  keep  both  current  and  historical 
data  available  in  case  it  gets  deleted  but  is 
needed  later;  and  snapshots  to  copy  the 


continuous  backup  and  replication,  and 
enables  quick  moves  to  new  equipment 
in  case  of  hardware  failure.  “We  can  add 
new  storage  as  needed  and  have  data 
transferred  in  the  background,  without 
the  users  even  knowing,”  says  Ryan  Engh, 
IT  infrastructure  manager  at  the  invest¬ 
ment  firm  Wasatch  Advisors,  which  uses 
DataCore’s  virtualization  software. 

Another  advantage:  “This  prevents  the 
states  of  the  disaster  recovery  site  and  the 
production  site  from  pulling  apart,”  he 
says— a  common  problem  in  a  traditional 
environment  where  the  two  data  sets  are 
usually  out  of  synch  because  of  the  long 
replication  times  needed. 

Moreover,  the  distributed  nature  of  the 
data  storage  gives  IT  great  flexibility  in  how 
data  is  stored,  says  Chris  Walls,  president 
of  IT  services  at  the  healthcare  data  man¬ 
agement  firm  PHNS,  which  uses  IBM’s  vir¬ 
tualization  controller.  “That  control  layer 
gives  you  the  flexibility  to  put  your  data  in 
a  remote  site,  or  even  in  multiple  sites,”  he 
says— all  invisible  to  users. 
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Understanding  these  capabilities,  a 
CIO  could  thus  introduce  24/7  avail¬ 
ability  and  disaster  recovery,  perhaps  as 
part  of  a  global  expansion  strategy.  That 
is  precisely  what  Eteheverry  is  doing  at 
Champion.  “We  now  have  a  zero-window 
backup,  and  I  can  rebuild  a  drive  image  in 
almost  real-time,”  he  says. 

Some  enterprises  have  gained  additional 
advantage  from  storage  virtualization  by 
combining  it  with  an  older  technology 
called  thin  provisioning  that  fools  a  drive 
into  thinking  it  has  more  capacity  than  it 
has;  this  is  done  typically  to  create  one  stan¬ 
dard  user  volume  configuration  across  all 
drives,  so  when  you  replace  drives  with 
larger  ones,  IT  staff  does  not  have  to  change 
the  user-facing  storage  structure.  By  add¬ 
ing  storage  virtualization,  these  standard¬ 
ized,  thin-provisioned  volumes  can  exceed 
the  physical  limit  of  any  drive;  the  excess 
is  simply  stored  on  another  drive,  with¬ 
out  the  user  knowing.  “This  really  eases 
configuration,”  says  Wasatch’s  Engh.  That 
also  reduces  IT’s  need  to  monitor  individual 
drive  usage;  the  virtualization  software  or 
appliance  just  gets  more  capacity  where  it 
can  find  it. 

For  example,  Epilepsy  Project,  a  research 
group  at  the  University  of  California  at 
San  Francisco,  uses  thin  provisioning, 
coupled  with  Network  Appliance’s  stor¬ 
age  virtualization  appliance.  The  project’s 
analysis  applications  generate  hundreds  of 
gigabytes  of  temporary  data  while  crunch¬ 
ing  the  numbers.  Rather  than  give  every 
researcher  the  Windows  maximum  of 
2TB  of  storage  capacity  for  this  occasional 
use,  CIO  Michael  Williams  gives  each  one 
about  a  quarter  of  that  physical  space,  then 
uses  thin  provisioning.  The  appliance 
allocates  the  extra  space  for  the  analysis 
applications’  temporary  data  only  when 
it’s  really  needed,  essentially  juggling  the 
storage  space  among  the  researchers. 

The  Hard  Part 

Storage  virtualization’s  newfound  flexibil¬ 
ity  and  control  does  have  risks.  “The  flex¬ 
ibility  can  be  your  worst  nightmare— it’s 
like  giving  razor  blades  to  a  child,”  says 
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Microsoft  System  Center  is  a  family  of 
l— J  IT  management  solutions  (including  Operations 


Manager  and  Systems  Management  Server) 
designed  to  help  you  manage  your  mission- 
_  I _  —  critical  enterprise  systems  and  applications. 


_  Nissan  manages  56,500  PCs  on  three  continents 

with  System  Center.  That's  big.  See  Nissan  and 
other  case  studies  at  DesignedForBig.com 
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I  am  fearless. 

I  protect  a  2  billion  dollar  retail  business 

I  believe  security  should  enable 
business  growth  not  limit  it. 

I  focus  on  what’s  important. 


I  innovate 


I  am  fearless 


When  it  comes  to  security,  most  businesses  understand  what  it  means  to  fail.  But  few  can  imagine 
what  it  would  mean  to  succeed.  RSA’s  information-centric  security  solutions  can  move  your  business 
forward.  That’s  why  we’re  the  chosen  security  partner  of  more  than  90  percent  of  the  Fortune  500. 

Don’t  just  secure  your  business.  Accelerate  it.  Learn  more  at  www.rsa.com/go/kayak  The  Security  Division  of  EMC 

Secure  Anytime  Protect  Secure  Manage  Compliance 

Anywhere  Access  Customer  Identities  Enterprise  Data  and  Security  Information 
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essential  technology 


« -  -•r.Ufv*. 

Fear  less.  Do  more. 


Wasatch’s  Engh.  The  issue  that  storage 
virtualization  introduces  is  complexity. 

Although  the  tools  keep  track  of  where 
the  files’  various  bits  really  are,  IT  staff  not 
used  to  having  the  data  distributed  over 
various  media  might  manage  the  disks 
the  old-fashioned  way,  copying  volumes 
with  partial  files  rather  than  copying  the 
files  themselves  for  backup.  Or  when 
setting  up  virtualized  storage  networks, 
they  might  accidentally  mix  lower-per¬ 
formance  drives  into  high-performance 
virtual  servers,  hindering  overall  perfor¬ 
mance  in  mission-critical  applications, 
notes  GlassHouse’s  Nadkarni. 

Virtualization  tools  aren’t  hard  to  use, 
but  it’s  hard  for  storage  engineers  to  stop 
thinking  about  data  from  a  physical  point 
of  view,  says  PHNS’s  Walls.  “Everything 
you  thought  you  knew  about  storage 
management  you  need  to  not  bring  to  the 
party,”  he  adds. 

Another  issue  is  choosing  the  right 
form  of  storage  virtualization,  network- 
based  or  array-based.  The  network-based 
virtualization  technology  is  delivered  via 
server-based  software,  a  network  appli¬ 
ance,  or  an  intelligent  Fibre  Channel 
switch,  and  it  comes  in  two  flavors:  block- 
level  and  file-level.  Array-based  virtual¬ 
ization  is  typically  provided  as  part  of  the 
storage  management  software  that  comes 
with  an  array. 

Array-based  virtualization  is  mature, 
says  Burton  Group’s  Simpson.  But  it’s 
limited  to  storage  attached  directly  to  the 
array  or  allocated  just  to  that  array  via  a 
SAN;  IT  usually  must  buy  array  storage 
from  the  array  vendor,  creating  expensive 
vendor  lock-in. 

Network-based  storage  virtualization 
has  been  in  existence  just  a  few  years 
and  so  has  largely  been  offered  by  start- 
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For  other  cost-cutting  strategies,  see 

RETHINK  YOUR  STORAGE  INFRASTRUC¬ 
TURE  TO  SAVE  MONEY,  SIMPLIFY  MAN¬ 
AGEMENT  at  www.cio.com/article/ 
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ups.  It’s  the  most  flexible  form  of  storage 
virtualization,  says  Forrester’s  Andrew 
Reichman,  and  lets  you  manage  almost 
all  your  storage  resources,  even  offsite, 
as  long  as  they  are  available  via  the  SAN. 
Although  these  tools  can  theoretically  act 
as  a  choke  point  on  your  SAN,  in  practice 
the  vendors  are  good  at  preventing  that 
problem,  he  notes. 

Most  network-based  storage  vir¬ 
tualization  products  work  at 
the  block  level,  meaning  they 
deal  with  groups  of  bits  rather  than  whole 
files.  While  block-level  network-based 
storage  virtualization  is  the  most  flexible 
option,  the  technology  typically  requires 
that  an  enterprise  change  its  storage  net¬ 
work  switches  and  other  network  devices 
to  ones  that  are  compatible,  Nadkarni 
notes.  “But  no  one  wants  to  shut  down 
their  SAN  to  do  so,”  he  says.  Although 
you  can  add  the  technology  incremen¬ 
tally,  that  just  raises  the  complexity,  since 
you  now  have  some  virtualized  storage 
and  some  nonvirtualized  storage,  all  of 
which  need  to  be  managed  in  parallel. 

Thus,  most  organizations  should  con¬ 
sider  adopting  network-based  storage 
virtualization  as  part  of  a  greater  storage 
reengineering  effort,  he  advises. 

That’s  exactly  what  both  Champion’s 
Etcheverry  and  PHNS’s  Walls  did.  Etch- 
everry  brought  virtualization  in  as  part 
of  an  enterprisewide  storage  redesign, 
while  Walls  brought  it  in  as  part  of  add¬ 
ing  a  new  data  center  and  disaster  recov¬ 
ery  site.  In  both  cases,  all  the  setup  work 
happened  in  a  nonproduction  environ¬ 
ment  and  could  be  tested  thoroughly 
without  affecting  users.  Once  the  two 
IT  leaders  were  happy  with  their  new 
systems,  they  then  transferred  the  data 
over  and  brought  them  online.  That 
meant  there  was  only  a  single  disruption 
to  the  storage  environment  that  users 
noticed.  “This  was  a  one-time  event,” 
Walls  notes.  QE1 


Galen  Gruman  is  a  frequent  contributor  to  CIO. 
You  can  reach  him  at ggruman@zangogroup.com. 
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PCI  Compliance: 

Securing  Credit  Card  Data 

RSA’s  solutions  for  PCI  compliance 
help  ensure  that  credit  card  data 
entrusted  to  you  never  becomes 
a  liability.  We  offer  sustainable, 
flexible  solutions  to  help  you 
remain  compliant  even  as  data 
security  standards  evolve. 

RSA  can  help  your  organization: 

•  Discover  and  classify  credit 
card  data  and  applications 

•  Secure  data  regardless  of 
where  it  resides 

•  Provide  comprehensive 
access  control 

•  Actively  monitor  security 
events 

•  Leverage  log  data  to 
prove  compliance 


Learn  to  fear  less  and  do  more. 
Visit  our  PCI  Resource  Center 
for  FREE  research,  white  papers, 
webinars,  podcasts  and  more: 
www.rsa.com/go/kayak 
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SAY  H  E  LLO  TO 


One  SINGLE  difference. 

The  Simpana™  data  management  software  suite  is  designed  and  built  on  a  single  code 
base.  Consequently,  its  modules  for  Data  Protection,  Archive,  Replication,  Resource 
Management  and  Search  work  together  seamlessly  and  share  a  single  set  of 
common  services.  The  result?  Singular  efficiency,  flexibility,  and  scalability.  It's  an 
unprecedented  Singular  Information  Management™  approach  so-called  "integrated'' 
solutions  can  only  dream  about. 


A  groundbreaking  release. 

The  Simpana  name  is  new,  but  the  powerful  software  behind  it  is  not.  We 
introduced  our  single  platform  architecture  almost  a  decade  ago  with  the  launch 
of  CommVault  Galaxy®  Backup  and  Recovery.  This  was  followed  by  the 
QiNetix™  software  suite  with  modules  for  Archive,  Replication,  and 
Resource  Management. 

The  7.0  release  of  the  newly-named  Simpana  suite  is  the  largest  in  our 
history  and  includes  major  enhancements  to  Data  Protection,  Archive  and 
Replication  solutions  like  Single  Instance  Store,  Advanced  Archiving, 
High-Performance  Content  Indexing  and  Data  Classification. 

Simpana  7.0  software  also  builds  on  the  success  of  our  singular 
approach  by  bringing  together  superior  data  management  and  unique, 
enterprise-wide  Search  and  Discovery — changing  the  way  companies 
store,  manage  and  access  enterprise  information  across  all  tiers 
of  storage. 


software  suite 


Singular 

Information 

Management.™ 

Infinite 

possibilities. 


An  Industry  Milestone:  Unprecedented  Search 
transforms  managed  data  into  information. 

Simpana  7.0  software  creates  a  single,  virtual  pool  of  searchable  content  from  files  across  online  storage, 
archive,  and  backup  data  copies.  Simpana  software  then  gives  authorized  users  real-time  access  to  this  pool 
of  historical  and  current  data  with  a  single  query  using  a  simple,  search-engine-like  interface. 

Whether  used  for  legal  discovery,  business  compliance,  or  to  improve  productivity  and  competitiveness, 
managed  data  is  simply  and  quickly  transformed  into  powerful  information  by  putting  it  at  the  fingertips 
of  all  types  of  business  users. 

Infinite  Possibilities. 

No  matter  what  your  data  management  needs  may  be — today  and  tomorrow — Simpana  software  was 
designed  to  answer  them.  Start  with  any  one  or  any  combination  of  Simpana  modules  and  you've  just 
laid  the  groundwork  for  an  infinitely  adaptable  future.  That's  because  adding  functionality  is  as  simple 
as  "plugging  in"  another  module.  This  gives  you  the  capacity  to  control  data  growth,  costs,  and  risks 
across  enterprise  data  center,  remote  office,  and  workgroup  deployments. 


First  step  to  our  Solving  Forward™  solution?  Back  up. 


Most  of  our  customers  started  with  our  backup  software  because  their  prior  solution  simply  wasn't 
working.  Backup  is  where  CommVault  started  and  we  continue  to  outperform  our  competition  today 
But  don't  take  our  word  for  it.  Visit  www.commvault.com  to  read  what  Gartner,  industry  analysts, 
the  press,  and  some  of  our  6500+  customers  are  saying  about  us.  Then,  contact  us  for  an  in-depth 
conversation  about  how  we  can  fix  your  data  management  problems  now  and  set  you  up  far,  far 
into  the  future  with  our  Singular  Information  Management  approach. 


Once  you  experience  the  unparalleled  capabilities  of  Simpana  software,  you'll 
to  understand  why  it  is,  "The  fastest-growing  data  management  software 
you'll  wish  you'd  heard  of  sooner." 


quickly  come 


www.commvault.com 


commvault 

solving  forward' 


DATA  PROTECTION  ►  ARCHIVE  ►  REPLICATION  ►  RESOURCE  MANAGEMENT  ►  SEARCH 

©1999-2007  CommVault  Systems.  Inc.  All  rights  reserved.  CommVault,  the  "C V"  logo,  CommVault  Systems.  Solving  Forward,  SIM,  Singular  Information  Management.  Simpana,  CommVault  Galaxy,  and 
QiNetix  are  trademarks  or  registered  trademarks  of  CommVault  Systems,  Inc.  All  other  third  party  brands,  products,  service  names,  trademarks,  or  registered  service  marks  are  the  property  of  and  used 
to  identify  the  products  or  sen/ices  of  their  respective  owners.  All  specifications  are  subject  to  change  without  notice. 


Susan  Cramm  executive  coach 


Howto  Make  Nice 

Win  back  estranged  colleagues  by  reaching  out  and  taking  accountability  for  your  actions 


It’s  amazing  how  often  executives  are  stymied  by  their 
inability  to  influence  others.  The  typical  scenario  involves 
a  talented,  change-oriented  leader  who  gets  a  shot  at  a 
more  visible  role.  In  the  process  of  getting  stuff  done,  he 
steps  on  a  few  (very  influential)  toes.  The  executive  racks  up  some 
impressive  accomplishments  over  time  but  finds  his  success  is 
hindered  by  the  organizational  minefields  his  actions  have  sown. 
As  a  result,  the  executive  tires  of  the  effort  required  to  move  things 
forward  and  decides  that  it’s  time  to  move  on. 

Getting  others  to  do  what  you  want  them  to  do  because  they 
want  to  do  it  is  the  ultimate  test  of  leadership  skill.  It’s  hard  to 
face  the  fact  that  others  don’t  like  working  with  you  (and  it  always 
boils  down  to  this  very  personal  sentiment,  doesn’t  it?)  but  once 
the  tears,  anger  and  denial  are  over,  two  questions  remain:  Is  it  too 
late  to  salvage  these  relationships,  and  how  can  I  do  that? 

It’s  rarely  too  late  to  try  again,  although  it  does  take  time  and 
effort  because  it’s  easier  to  create  impressions  than  change  them. 
Moving  to  a  new  company  may  seem  like  the  answer,  but  the 
only  way  to  put  the  issue  to  bed  is  by  winning  back  those  you’ve 
estranged.  I  have  clients  in  this  situation  and,  the  fact  is,  they  can 
change  organizations  but  that  won’t  change  the  outcome.  No  mat¬ 
ter  where  they  go,  there  they  are;  unless  you  change  your  behavior, 
you’ll  find  yourself  in  a  new  place  facing  the  same  old  problem. 

It’s  easier  to  outline  what  to  do  than  to  muster  the  courage  to 
get  it  done.  The  first  steps  require  eating  humble  pie.  Start  by 
facing  the  truth  of  how  your  actions  got  you  into  trouble.  Every¬ 
body  tends  to  first  place  blame  on  others.  Accepting  accountabil¬ 
ity  requires  explaining  the  past  without  using  the  phrases  “He 
said...,”  “She  should...,”  “I  told  them...,”  “I  tried...”  and  so  on. 

Next,  reach  out  to  would-be  colleagues  by  communicating 
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ILLUSTRATION  BY  TODD  DAVIDSON.  IMAGES.COM/CORBIS 


What  does  it  take  to  provide  360°  communications 
in  a  24/7  business  world? 


Expectations  are  high  for  communication  systems  in  today’s  connected  world.  They  are  expected 
to  deliver  a  lower  cost  of  ownership  while  ensuring  that  people  are  available  and  have  the  tools 
necessary  to  collaborate.  NEC,  the  global  IT  and  networking  company,  delivers  mobility  and  unified 
communications  that  integrate  with  our  UNIVERGE®  IP  Telephony  platforms,  to  improve  business 
processes  and  customer  relationships  by  connecting  people  to  people  and  the  information  they 
need  anytime,  anywhere.  NEC  Empowering  you  through  innovation. 

—  www.necus.com/necip 
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EC  is  proud  to  have  the  No.  1  worldwide  ranking  in  enterprise  telephony  extension  line 
tipments  in  2006,  for  the  second  year  in  a  row,  according  to  Gartner." 

/larket  Share:  Enterprise  Telephony  Equipment  Worldwide,  2006;  Megan  Fernandez  &  Isabel 
ontero,  July,  2007  ©NEC  Corporation  2007.  NEC  and  the  NEC  logo  are  registered  trademarks 
:  NEC  Corporation.  Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


lusan  Cramm 


EXECUTIVE  COACH 


three  things.  First,  say  that  you  are  sorry  for  past  actions.  Tell 
them  you  want  to  restart  the  relationship,  then  ask  for  their 
help  in  doing  so.  The  combination  of  apologizing  and  asking 
for  help  is  powerful  in  that  it  disarms  the  listener  and  asks 
him  to  verbally  (and  therefore,  psychologically)  commit  to 
being  a  partner  in  your  success.  If  the  other  party  is  unwilling 
to  let  go  of  the  past,  focus  your  efforts  elsewhere. 

Finally,  you  need  to  learn  how  to  understand  and  serve  the 
needs  of  others  in  order  to  find  the  win-win  solutions  that  define 
effective  collaboration.  To  do  so,  you  will  need  to: 

Understand  your  stakeholders.  Determine  the  motivators 
of  key  stakeholders  by  discovering  their  objectives,  concerns 
and  long-term  goals.  Learn  to  collaborate  effectively  by  grasping 
their  communication,  decision  making  and  conflict  management 
styles  using  tools  such  as  the  Myers-Briggs  Type  Indicator. 

Listen  more  empathetically.  When  people  are  emotional, 
they  need  to  be  heard.  People  hate  know-it-alls  who  spout  off 
with  advice-giving  statements  that  start  with  “you  should...” 
or  “you  ought....”  When  approached  with  an  issue,  respond 
by  reflecting  the  content  and  emotion  of  the  other  party  two 
times  (for  example,  “I  bet  it  was  frustrating  when  you  worked  so 
hard...”)  before  asking  “when,”  “what”  and  “how”  questions  to 
understand  the  situation  further.  Avoid  “why”  questions— they 
put  others  on  the  defensive.  If  conversations  get  heated,  take  a 
break  and  reconvene  later— in  person  if  possible. 

Uncover  underlying  rationale.  People  tend  to  advocate  their 
point  of  view  (“We  should  use  this  vendor”)  without  offering  a 
rationale  regarding  information  and  interpretations— particu¬ 
larly  when  they  are  emotional.  Don’t  counter  with  your  own 
advocacy  statements  (“The  current  system  can  be  enhanced...”). 
Instead,  use  inquiry  to  understand  how  they  reached  their  con¬ 
clusions  (“What  do  the  customers  think?”  “What  are  the  key 
issues?”).  Shift  into  productive  advocacy  once  you  have  the 
facts  by  presenting  your  recommendation  and  rationale,  and 
inviting  critiques  (“What  am  I  missing?”). 

Apply  the  psychology  of  persuasion.  In  his  Harvard 
Business  Review  article,  “Harnessing  the  Science  of  Persuasion,” 
Robert  Cialdini  outlines  six  psychological  principles  that  help 
strengthen  relationships.  The  principle  of  reciprocity,  for  exam¬ 
ple,  outlines  how  important  it  is  to  give  what  you  want  to  receive. 
What’s  interesting  is  that  you  can  compel  others  to  repay  in  kind 
if,  and  only  if,  you  give  them  something  relevant  in  return  and 
respond  to  their  gratitude  by  saying,  “I’m  sure  you  would  do  the 
same  for  me”  rather  than  with  a  “No  problem”  or  “My  pleasure.” 
The  remaining  principles— liking,  social  proof,  consistency, 
authority  and  scarcity— are  also  useful  to  any  leader. 

My  clients,  like  executives  in  similar  circumstances,  are 
stuck  on  first  base  due  to  the  ego  hit  involved  with  taking 
accountability  and  asking  others  for  help.  Ultimately,  they  will 
be  successful  once  they  understand  it  is  impossible  to  move 
on  without  staying  put  and  delivering  against  the  acid  test  of 
turning  around  negative  impressions. 


Reader  Q&A 

Q:  One  of  my  direct  reports  is  very  talented  and  should 
be  in  line  for  my  job.  However,  he’s  a  bomb-thrower 
when  it  comes  to  working  with  others  and  defensive 
about  his  people  skills,  to  boot.  What  strategies  do  you 
suggest  for  changing  his  behavior? 

A:  Defensive  people  need  direct  tactics.  Conduct 
a  qualitative  360-degree  assessment  by  conduct¬ 
ing  interviews  with  his  key  stakeholders.  The 
qualitative  assessment  will  provide  in-depth 
insights  as  to  his  bomb-throwing  behaviors  with 
examples  that  will  be  difficult  for  him  to  deny. 

Before  presenting  the  feedback,  discover  his  career 
aspirations,  values  and  motivators  so  that  you  can 
directly  link  the  feedback  to  his  aspirations  and  how 
he  wants  to  live  his  life.  Once  he  works  through  the 
feedback  and  demonstrates  motivation  to  change, 
send  him  to  an  emotional-intelligence  seminar  so 
that  he  can  understand  the  behaviors  that  he  needs 
to  work  toward  and  then  provide  him  on-the-spot 
feedback— both  positive  and  negative— so  that  he  can 
start  to  internalize  the  changes  he  needs  to  make. 


Q:  Why  do  some  executives  think  that  they  can  influence 
others  by  throwing  their  title  around? 

A:  They  understand  that  positional  power  can  be  very 
effective  in  gaining  compliance— in  the  short  term. 


Q:  Driving  change  does  mean  stepping  on  some  toes. 
Should  I  worry  about  this  as  long  as  those  at  my  level 
and  above  are  satisfied  with  my  results? 

A:  If  your  peers  and  superiors  are  happy  with  your 
results  and  the  people  below  you  are  miserable,  you 

will  have  a  hard 
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time  attracting  and 
retaining  people  to 
work  with  you. 
Furthermore,  you 
will  limit  your 
impact  because 
those  below  you  will  “phone  it  in,”  doing  no  more 
than  necessary  to  get  the  job  done.  The  job  of  a  leader 
is  to  help  others  do  more  than  what  they  believed  pos¬ 
sible,  and  this,  of  course,  requires  their  enthusiastic 
participation.  BEI 

Susan  Cramm  is  founder  and  president  of  Val- 
uedance,  an  executive  coaching  firm  in  San 
Clemente,  Calif.  You  can  e-mail  feedback  to 
susan@valuedance.com. 
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Whether  they  are  a  strong  message  for  brands  in  flagship  stores,  a 
bright  centerpiece  for  high-end  home  entertainment  systems,  or  an 
image  carrier  in  business  conference  rooms  and  control  centers,  digital 
signage  solutions  from  NEC,  a  global  leader  in  IT  and  networking,  offer 
professional-grade  components  and  network  connectivity  that  reflect  a 
new  age  in  visual  communications  -  where  style  and  substance  converge 
NEC.  Empowering  you  through  innovation. 

—  www.necus.com/digitalsignage 
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FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


Motivational  Strategies 

To  develop  a  team  that  can  compete  in  the  future,  you  have  to  help  its  members  define 
a  role  for  themselves,  and  then  give  them  the  tools  to  get  there 

BY  JOHN  E.  WEST 


A  =  6 


Five  years  ago,  I  rejoined  the  Department  of  Defense 
(DoD)  High  Performance  Computing  Center  in 
Vicksburg,  Miss.,  as  its  director.  I  had  left  two  years 
before  because  I  needed  to  have  new  experiences 
and  because  the  organization  was  dominated  by  deep  conflicts 
between  the  IT  staff  and  its  outsourced  contractors.  It  doesn’t 
take  long  for  that  stuff  to  wear  you  down.  My  own  attitude  had 
worsened  to  the  point  that  I  was  becoming  part  of  the  problem. 
It  was  time  to  move  on. 

I  had  been  an  individual  contributor  with  a  minor  leadership 
role:  managing  the  small,  in-house  staff  that  oversaw  the  contrac¬ 
tors.  When  the  leadership  of  the  supercomputing  center’s  parent 
organization  changed,  I  was  asked  by  the  director  to  return  as 
the  center’s  leader.  I  wasn’t  sure  how  it  would  turn  out  but  I  was 
eager  to  try  to  create  something  better. 

My  team  was  full  of  talented,  dedicated,  hardworking  people 
with  gifts  that  had  not  been  cultivated.  Rather,  as  new  tasks 
were  assigned  from  the  top,  many  staff  members  ended  up 
with  jobs  for  which  they  weren’t  well-suited.  But  reorganiz¬ 
ing  them  wasn’t  enough.  In  the  years  before  I  left,  we  had  spent 
a  lot  of  time  focused  on  the  administrative  activities  endemic 
to  large  government  programs  and  not  enough  time  building 
teams  or  focusing  on  the  future.  When  I  came  back,  we  were 
competing  for  funds,  new  projects  and  recognition  with  five 
other  DoD  supercomputing  centers.  Although  historically  we 
had  been  in  a  strong  position  to  win  new  work,  that  was  start¬ 
ing  to  change.  Most  of  the  team  needed  training  in  soft  skills 
to  help  them  communicate  with  each  other  and  our  business 
colleagues.  I  needed  to  turn  100  complainers,  watchers  and 
waiters  into  leaders. 
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Is  your  business  prepared  for 
catastrophic  data  loss? 

Are  you  prepared  to  save  the  day? 


A  revolutionary  grid  storage  platform,  HYDRAstor  ensures  that  you  stay 
connected  to  vital  information  when  disaster  hits.  The  first  unified  disk 
storage  platform  optimized  for  backup  and  archive  data  on  the  same 
platform,  HYDRAstor  cuts  backup  and  restore  time  in  half  and  reduces 
storage  capacity  requirements  by  95%  or  more,  compared  with  traditional 
systems.  With  HYDRAstor,  your  information  is  protected  and  available  fast, 
when  you  need  it  most.  NEC.  Empowering  you  through  innovation. 
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Peer  to  Peer  FIELD-TESTED  IDEAS  FROM  CIOs  TO  CIOs 


Get  Them  Talking 


Teach  Career  Skills 


The  in-house  and  contractor  teams  had  been  long  isolated  by 
conflict.  Each  side  had  critical  operational  and  technical  infor¬ 
mation  the  other  side  needed,  but  the  adversarial  culture  pre¬ 
vented  the  smooth  flow  of  that  information.  Neither  side  felt 
involved  in  what  the  other  was  doing;  neither  side  felt  any 
responsibility  for  making  the  other  side  successful. 

I  instituted  a  series  of  regular  tactical  meetings  at  all  levels, 
including  daily  and  weekly  operational  meetings  with  the 
top  leadership  of  the  in-house  and  contractor  staffs. 

I  emphasized  making  daily  decisions  in  the  context  of 
our  long-term  goals.  We  solved  problems  as  a  team, 
picking  solutions  based  on  merit  rather  than  on  which 
organization  they  came  from. 

This  was  an  important  step,  as  it  was  the  first  time 
in  years  that  people  had  even  been  asked  what  needed  fixing, 
let  alone  been  given  the  opportunity  to  contribute  to  the  solu¬ 
tion.  The  youngest  staff  members  were  the  quickest  to  respond. 
The  veterans  took  longer  to  adapt.  They  wanted  a  better  work 
environment  as  much  as  anyone,  but  they  adopted  a  “trust  but 
verify”  attitude  toward  my  leadership.  To  earn  their  trust,  I 
made  my  decision  making  as  transparent  as  I  could.  I  also  held 
myself  accountable  when  things  didn’t  go  as  planned. 

Let  Them  Make  Decisions 

Empowerment  is  a  horribly  overused  buzzword,  and  I  didn’t 
ever  use  it  with  my  team  (the  veterans  would  have  mutinied). 
But  giving  my  staff  the  authority  to  make  decisions  about  their 

work  was  the  single 
most  valuable  thing  I 
did  to  unlock  the  talent 
in  my  organization. 

I  knew  these  peo¬ 
ple  were  skilled  and 
devoted.  I  also  knew 
that  they  were  too  reliant  on  a  few  leaders  to  make  decisions.  If 
we  were  to  distinguish  ourselves  from  our  five  sister  centers,  we 
needed  everyone’s  input.  But  I  couldn’t  just  abandon  the  group 
to  its  own  devices  and  expect  good  results.  I  needed  to  educate 
them  about  what  was  important  to  the  organization  and  how  to 
make  decisions  that  supported  our  goals. 

I  began  with  my  core  leadership  team.  As  we  faced  decisions, 
I  would  talk  through  my  thought  processes:  what  other  orga¬ 
nizations  were  doing,  what  our  users  wanted  and  what  we  had 
done  before  in  similar  situations.  And  I  would  always  ask  them 
what  they  thought  we  should  do. 

Each  time  we  went  through  this,  the  team  gained  more  expe¬ 
rience  in  decision  making  and  began  to  model  the  same  behavior 
with  their  own  teams.  Today,  even  the  most  junior  staff  members 
are  using  this  process  to  make  decisions.  As  a  result,  the  orga¬ 
nization  reacts  much  faster  than  before  to  changes  in  project 
requirements  or  business  demands. 


The  last  big  piece  of  the  leadership  puzzle  was  basic  career  skills: 
writing,  speaking  and  career  management. 

In  IT,  we  spend  a  lot  of  time  on  technical  education  but  we 
don’t  spend  time  giving  people  the  tools  they’ll  need  to  succeed. 
Those  who  can  teach  themselves  basic  business  skills  or  who 
have  natural  communication  abilities  are  able  to  advance;  those 
who  don’t,  get  stuck.  This  is  like  teaching  people  to  mix  colors 
and  expecting  them  to  paint  like  Rembrandt. 


Effective  writing  and  good  speaking  skills  are  the  easiest  for 
your  staff  to  learn.  My  first  step  was  to  demonstrate  these  skills 
myself.  I  made  sure  my  writing,  including  e-mail,  illustrated  the 
easy,  informative  style  I  wanted  my  organization  to  adopt.  I  took 
the  same  approach  to  presentations  and  small  group  meetings. 
I  also  directed  a  portion  of  my  organization’s  training  budget 
toward  formal  training.  One  of  the  most  significant  results  of 
this  particular  step  was  that  we  all  developed  a  common  vocabu¬ 
lary  for  communicating. 

I  also  wanted  each  member  of  my  team  to  have  clear  career 
goals  and  a  plan  to  achieve  them.  I  felt  this  would  lead  to  more 
motivated  employees  who  understood  that  what  they  were 
doing  for  the  organization  was  good  for  them  personally. 

My  approach  is  to  work  with  my  staff  during  performance 
reviews.  I  try  to  make  all  employees  (especially  the  youngest) 
think  about  their  next  career  step  and  assess  whether  the  skills 
they’re  learning  will  get  them  there.  We  discuss  career  options, 
the  assignments  that  will  move  them  in  various  directions  and 
the  new  skills  they’ll  need.  This  conversation  has  led  to  more 
than  one  significant  change  in  direction  for  members  of  my 
team.  For  example,  in  the  course  of  reviewing  one  of  my  mid¬ 
level  team  members,  we  realized  that  after  10  years  in  one  role, 
he  wasn’t  challenged  by  or  interested  in  his  job  anymore.  Simply 
having  the  conversation  was  the  stimulus  he  needed  to  move 
from  an  average-performing  staffer  to  an  energized  leader  in  a 
new  role  on  the  technical  staff. 

If  you  want  to  ensure  that  your  organization  continues  to 
succeed  over  time,  you  need  to  get  your  team  members  to  put 
themselves  on  a  career  path  that  they  ultimately  control.  When 
they  have  their  eyes  on  their  own  future,  the  future  of  your  orga¬ 
nization  will  be  in  good  hands.  GEI 


John  West  is  the  director  of  the  Department  of 
Defense  High  Performance  Computing  Center  at  the 
U.S.  Army  Engineer  Research  and  Development  Cen¬ 
ter  in  Vicksburg,  Miss.  To  comment  on  this  article,  go 
to  letters@cio.com. 
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thanks  to  the  next-generation  Virtual  PC  Center  from  NEC,  a  global 
IT  and  networking  leader.  Our  new  virtual  PC  thin  client  system  is 
designed  to  enhance  PC  data  security,  reduce  total  cost  of  ownership, 
increase  user  flexibility  and  simplify  IT  management  -  all  while  delivering 
multimedia  support.  NEC  Empowering  you  through  innovation. 

—  www.necus.com/vpcc 
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APPLIED  INSIGHT 


The  Architected  Business 

Before  you  can  deploy  a  service-oriented  architecture,  you  have  to  understand  your 
business  model.  For  CIOs,  the  stakes  have  never  been  higher. 


Most  major  organizations  claim  to  have  a  service- 
oriented  architecture  (SOA)  plan.  Not  to  have  one 
would  be  old-fashioned.  However,  successful 
implementation  of  end-to-end  data  and  business 
processes  integration  requires  not  only  a  technology  architecture 
but  also  a  parallel  business  architecture.  You  simply  can’t  have 
a  modern  business  model  without  modern  processes,  software 
and  infrastructure  that  are  tightly  integrated. 

But  in  most  enterprises,  this  integration  between  IT  architec¬ 
ture  and  the  business  model  remains  poorly  articulated.  I  call 
this  the  CEO/CIO  dialogue  gap.  This  gap  exists  to  some  extent 
because  of  the  relative  “newness”  of  IT  as  a  discipline.  Professions 
like  finance  and  manufacturing  have  matured  over  hundreds  of 
years,  with  principles,  structures  and  a  body  of  knowledge  that 
are  well  understood  by  business  leaders.  However,  IT  has  been 
part  of  the  commercial  landscape  for  only  four  decades. 

During  the  last  10  years,  some  CEOs  and  CIOs  have  been 
able  to  close  the  dialogue  gap.  However,  in  today’s  flatter— even 
upside-down— world,  competition  is  much  harder  and  business 
moves  much  faster.  In  such  exhilarating  and  dangerous  times, 
strong  leadership  really  matters.  There’s  no  longer  any  room  for 
miscommunication  between  the  business  and  IT. 

Critical  Alignment 

The  struggle  for  business/IT  alignment  is  decades  old.  But 
today,  the  stakes  are  much  higher  because  technology  is  becom¬ 
ing  fully  integrated  into  every  facet  of  customer,  supplier  and 
employee  interactions.  The  challenge  for  CIOs  is  multifaceted. 
First,  they  must  grasp  the  competitive  business  context  of  their 
enterprise  and  understand  the  durable  processes  that  drive 
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the  business  versus  organization  structures 
that  are  perishable.  Then  they  must  be  able  to 
build  a  multiyear  modernization  plan  for  the 
enterprise  and  establish  governance  structures 
with  the  executive  team.  Finally,  CIOs  must  be 
able  to  articulate  the  value  of  the  above  to  their 
business  constituents. 

This  is  a  tall  order,  but  it’s  critical  for  the  suc¬ 
cess  of  a  modern  enterprise.  In  the  past,  we  could 
get  away  with  short-term  commitments  and  less 
discipline  because  we  were  executing  projects 
that  were  contained  within  a  business  function  and  limited  to  a 
specific  technology.  But  today,  most  business  processes  require 
real-time  integration  of  data  and  applications.  If  the  business  and 
IT  integration  model  and  investment  strategy  are  not  well-under¬ 
stood,  aligned  and  managed,  you  could  end  up  with  poor  business 
results,  dissatisfied  customers  and  out-of-control  IT  expenses. 

For  example,  self-service  processes  that  use  real-time  data 
require  a  rock-solid  and  secure  infrastructure.  This  type  of 
always-on  business  model  built  on  SOA  has  become  core  to  indus¬ 
tries  like  airlines  and  banks.  It  has 
an  upside:  Because  there  are  fewer 
people  between  the  customer  and 
the  service,  service  delivery  costs 
are  lower  and  the  customer  experi¬ 
ence  is  more  inviting.  The  downside 
is  if  your  systems  go  down,  service 
collapses  and  there  are  not  as  many 
people  to  run  interference  on  customers’  behalf. 

Similarly,  a  fully  integrated  global  supply  chain  makes  your 
company  more  efficient  with  lower  fixed  costs.  But  if  it  ever  goes 
down,  your  product  flow  stops  within  hours  because  you’ve 
eliminated  inventory  at  every  level.  There  is  both  value  and  risk 
when  technology  is  woven  into  the  business  fabric. 

In  addition,  the  always-on  infrastructure  is  costly  because  of 
its  intensity— the  volume  of  transactions  it  has  to  support  and 
the  number  of  devices  such  as  kiosks,  PDAs  and  edge  devices  like 
RFID  tags  connected  to  it.  The  value  of  these  investments  needs 
to  derive  from  reducing  labor,  improving  customer  service,  gain¬ 
ing  market  share,  or  dramatically  improving  supply  chain  and 
operations  productivity.  In  other  words,  your  IT  investments 
must  be  aligned  with  the  economics  of  your  business. 


SOA  in  Practice 


Read  an  interview  with  CIO  Andy 
Baer  about  COMCAST’S  SERVICE- 
ORIENTED  ARCHITECTURE  at 
www.cio.com/article/121952. 


cio.com 


TheBusiness-IT  Architecture 

There  are  time-honored  principles  for  aligning  IT  with  your 
company’s  economic  model,  starting  with  the  business  archi¬ 
tecture.  This  business  architecture  includes: 

■  Industry  context,  consisting  of  the  competitive  landscape 

■  Business  context,  consisting  of  the  company’s  approach  to 
revenue  growth,  margin  expansion,  cash  flow  and  quality 

■  The  business  model,  which  is  how  the  company  is  organized 
and  governed  to  deliver  value 


Most  business  processes  require 
real-time  integration  of  data  and 
applications.  If  the  business  and  IT 
integration  model  and  investment 
strategy  are  not  well-understood, 
you  could  end  up  with  poor  results 
and  out-of-control  IT  expenses. 


■  Business  processes,  or  how  operations  work  end-to-end  to 
deliver  results 

The  IT  architecture  must  be  well-aligned  with  the  business 
architecture  and  designed  to  deliver  consistent  quality  over  time. 
To  do  so,  you  must  have  an  application  and  data  architecture 
that  is  mapped  to  durable  business  processes  and  technology 
that  is  appropriate  to  the  scale  at  which  the  company  operates. 
In  addition,  the  IT  organization  must  reflect  how  the  business  is 
organized,  and  a  governance  process  must  be  defined  to  manage 
investment  decisions  and  trade-offs. 

A  good  example  of  alignment  between  the  business  archi¬ 
tecture  and  IT  comes  from  my  experience  as  CIO  at  Burling¬ 
ton  Northern  Santa  Fe  Railway  in  the  mid-1990s.  Our  lessons 
there— managing  in  a  rapidly  changing  competitive  environ¬ 
ment-remain  true.  The  business  leadership  realized  after 
deregulation  of  the  railroad  industry  that  its  competitors  were 
not  the  other  railroads,  but  rather  the  trucking  companies.  Rail¬ 
roads  historically  moved  coal  and  grain— commodities  that  were 
not  schedule-dependent.  Whether  we  delivered  on  a  Monday  or 
a  Thursday  didn’t  matter  that  much.  Anything  that  was  sched¬ 
ule-sensitive  went  to  the  truckers. 

The  competitive  insight  we  had  was  that  if  you  could  run  a 
high-velocity,  reliably  scheduled  railroad,  you  could  take  back 
market  share.  That  vision  drove  our  subsequent  investments 
in  processes,  organization  and  technology.  In  other  words,  the 
notion  of  building  a  21st-century  railroad  led  us  to  harmonize  the 
business  and  IT  architecture  and  our  governance  processes. 

The  keys  to  winning  with  IT  today  are  no  different  than  they 
were  40  years  ago.  You  need  to  get  alignment  right,  design  the 
business  and  its  technology  with  an  end-state  in  mind  and 
deliver  capabilities  in  an  evolutionary  way.  However,  the  speed 
of  business  has  accelerated  and  the  stakes  are  enormous.  SOA- 
type  implementations  have  increased  the  complexity  and  risk  of 
IT.  There  are  no  silver  bullets  to  slay  these  challenges,  but  there 
are  great  lessons  and  innovations.  These  are  exciting  times  for 
our  profession.  BE] 


Charlie  Feld,  a  former  CIO,  is  senior  executive  vice 
president  of  applications  services  with  EDS.  Contact 
him  at  charlie.feld@eds.com.  To  comment  on  this 
article,  go  to  www.cio.com/articie/121850. 
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Reduce  costs  and  increase  quality  with  our 
Integrated  Infrastructure  Management™  solution 


Make  your  IT  processes  and 
business  strategy  work  together 


We  have  been  accelerating  the  return  on 
our  clients'  IT  investments  for  two  decades, 
and  we  have  the  clients,  awards,  recognition, 
track  record  and  growth  to  prove  it. 

Learn  more  at  compucom.com. 


Will... 


Gain  your  IT  Outsourcing  trust 


Give  you  tier-one  service  quality  at  a  tier-two  price 


Deliver  what  we  promise,  on  time,  on  budget 


IT  Outsourcing  Services  •  Application  Services  •  Software  Services  •  Hardware  Services 
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Failure  to  Communicate 

Understanding  how  the  brain  processes  social  cues  can  help  you  improve 
how  you  and  your  colleagues  collaborate  online 


Two  companies  had  formed  a  joint  venture  to 
develop  a  new  telecommunications  product.  Engi¬ 
neers  in  both  companies  were  hard  at  work,  but 
the  project  itself  was  stalled. 

The  reason?  A  consultant  we  know  diagnosed  the  problem 
this  way:  “Engineers  on  each  side  never  saw  each  other,”  he 
told  us,  let  alone  coordinated  their  work  on  the  project.  “The 
two  sides  just  e-mailed  their  irritations  to  each  other.  They 
were  having  a  flame  war.” 

Flaming,  of  course,  refers  to  an  e-mail  message  that  comes 
across  as  rude  or  annoying,  and  a  flame  war  happens  when 
the  recipient  of  such  a  message  flames  back,  leading  to  an  arms 
race  of  insult.  Flaming  is  but  one  of  numerous  ways  a  lack  of 
social  intelligence  can  sabotage  the  use  of  technology,  espe¬ 
cially  when  it  comes  to  working  with  others  together  online. 
Any  IT  manager  takes  a  risk  that  a  group’s  efforts  will  falter  if 
he  ignores  the  psychological  dimension  of  social  computing. 

Flaming  is  a  symptom  of  a  larger  malady:  an  epidemic  fail¬ 
ure  of  social  restraint.  The  same  syndrome  seems  at  work  in 
bloggers  who  take  a  perverse  glee  in  attacks  and  threats— who 
see  Web  rage  as  cool.  In  games  like  The  Sims  (an  online  role- 
playing  environment),  “griefers”  are  players  whose  goal  is  to 
ruin  the  experience  for  others.  In  chat  rooms  and  on  Listserv 
discussions,  “trolls”  take  pleasure  in  baiting  people  into  argu¬ 
ments  that  waste  time  and  energy.  And  of  course,  no  business 
environment  would  be  complete  without  some  opportunity 
for  passive  aggression,  which  may  be  expressed  in  a  variety  of 
ways,  from  answering  a  critical  e-mail  late  (or  never),  or  pro¬ 
viding  only  partial  or  obtuse  answers  that  force  a  questioner  to 
re-ask  her  question  in  increasingly  picayune  detail. 
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If  your  datacenter  is  bulging  at  the  seams,  we  can  help.  We're  Digital  Realty  Trust,  the  largest  owner  and  operator  of  datacenters  in  the  industry,  with  over  12  million 
square  feet  of  facilities  across  the  United  States  and  Europe.  We  provide  datacenter  facility  solutions  ranging  from  move-in  ready  to  build-to-suit.  We  can  solve  your 
datacenter  space  problems.  Be  one  of  the  first  200  people  to  download  our  whitepaper,  "Determining  the  Datacenter  You  Need"  and  receive  a  limited  edition 
Space  Monster  bobble  head,  www.digitalrealtytrust.com/spacemonster 


Digital  Realty  "Trust 
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Hi  Daniel  Goleman  and  Clay  Shirky 

!  j 


Why  People  Are  Rude  Online 

There  is  a  technical  name  for  this  unsociable  behavior 
in  cyberspace:  the  online  disinhibition  effect.  All  cases 
of  cyber-rudeness  would  be  far  less  likely  in  face-to-face 
interaction,  where  subtle,  mainly  nonverbal  cues  help  us 
govern  our  responses  to  others.  Neuroscience  diagnoses 
the  mechanics  behind  flaming  as  a  design  flaw  in  the  inter¬ 
face  between  the  online  world  and  the  brain’s  circuits  for 
reading  and  responding  to  another  person. 

When  we  talk  in  person,  massive  numbers  of  parallel 
neural  circuits  process  emotional  signals  and  let  us  decide 
instantly  what  to  say  or  do.  A  crucial  hub  for  this  adaptive 
bit  of  empathy  is  the  brain’s  orbitofrontal  cortex,  which  both 
conducts  this  social  scan  and  helps  orchestrate  our  response 
so  an  interaction  goes  well.  Patients  with  damage  to  this  cir¬ 
cuitry  are  unable  to  censor  their  unruly  impulses— they  will 
make  mortifying  gaffes  or  insult  people.  In  essence,  they  flame 
while  face-to-face. 

For  individuals  with  an  orbitofrontal  cortex  that  is  operat¬ 
ing  normally,  a  fleeting  frown  or  a  lilt  in  tone  of  voice  is  the 
basis  for  “mind  sight,”  which  lets  us  sense  what  the  other  per¬ 
son  feels  and  thinks.  But  short  of  a  two-way  webcam  conversa¬ 
tion,  the  online  world  lacks  a  channel  for  such  cues  from  voice, 
facial  expression  and  posture  that  the  social  brain  needs  to 
navigate  well.  Without  those  cues,  we  become  “mind  blind”— 
unable  to  sense  what  the  other  person  thinks  and  feels— and 
thus  more  prone  to  send  a  response  that  seems  “off.” 

The  Costs  of  Mind  Blindness 

The  cost  of  mind  blindness  isn’t  just  measured  in  rude  behav¬ 
ior— it  also  robs  us  of  some  of  our  most  powerful  tools  for  deci¬ 
sion  making.  Consider  asking  a  question  in  e-mail  and  getting 
back  no  as  an  answer.  Does  that  no  mean  “my  first  answer  is  no, 
but  I  could  be  talked  into  it”  or  “absolutely  not”?  Face-to-face, 
we  are  able  to  read  all  kinds  of  nuances  into  seemingly  concrete 
answers— we  know  a  yes  from  a  “yeah,  sorta,”  and  we  can  tell  a 
maybe  that  means  “I’m  thinking  about  it”  from  a  maybe  that  is 
just  a  polite  refusal.  Online,  no  is  merely  no,  and  considerably 
less  informative  as  a  result. 

As  with  much  about  human  social  capability,  the  problem 
is  magnified  in  group  conversations.  E-mail  is  a  wonderful 
medium  for  distributed  conversation  but  a  terrible  one  for 
group  decision  making.  Our  mind  blindness  doesn’t  just  deny 
us  the  ability  to  read  the  speaker,  it  takes  away  our  ability  to 

read  other  listeners  as  well. 
This  creates  challenges 
for  IT  organizations  that 
are  trying  to  implement 
distributed  collaboration 
environments. 

Consider  a  group  trying 
to  arrive  at  a  major  decision 


People  communicate  better 
when  they  are  together,  and 
they  also  communicate  better 
online  after  they've  spent  some 
time  one-on-one. 

through  e-mail.  Were  they  together  in  a  single  room,  the  con¬ 
versation  would  typically  be  accompanied  by  tiny  head  shakes 
and  barely  audible  responses— the  ahs  and  hmms  and  nuhs 
that  we  are  instinctively  adept  at  reading.  Everyone  would  tac¬ 
itly  recognize  when  a  consensus  had  been  reached.  Then  some¬ 
one  would  articulate  that  agreement  to  a  medley  of  nods. 

These  moments  are  routine  in  meetings.  But  in  virtual 
meetings  such  consensus  can’t  be  read.  Lacking  this  signal 
to  wrap  up,  an  online  discussion  can  be  endless.  Even  worse, 
because  the  participants  can’t  read  the  mood  of  the  “room,”  the 
conversation  ends  up  reflecting  the  interjections  of  the  most 
frequent  and  forceful  participants,  rather  than  the  overall 
judgment  of  the  group,  which  is  usually  different  from,  and 
often  better  than,  the  judgment  of  the  noisiest  few. 

There  are,  of  course,  ways  we  can  add  a  bit  of  emotional 
nuance  to  our  e-mail.  Emoticons  signal  the  emotion  that  goes 
with  a  message;  inserting  bracketed  question  marks  to  indi¬ 
cate  uncertainty  might  be  another.  But  yet  there  is  no  online 
convention  that  adds  to  e-mail  anything  near  the  full  emo¬ 
tional  undertones  that  a  live  voice  or  face  offers.  E-mail  simply 
offers  no  substitute  for  the  richness  of  a  live  encounter. 

The  solution  to  the  telecom  company  engineers’  flame  war? 
Get  them  together  in  one  room  for  a  few  days. 

Although  claims  that  telecommunications  will  replace 
travel  have  persisted  ever  since  AT&T  proposed  the  video¬ 
phone  in  1964,  technology  is  a  complement,  rather  than  a 
substitute,  to  meeting  face-to-face.  People  communicate  bet¬ 
ter  when  they  are  together,  and  they  also  communicate  better 
online  after  they’ve  spent  some  time  one-on-one. 

When  the  engineers  gathered,  they  got  to  know  each  other 
as  people.  They  were  no  longer  faceless  entities  lurking  behind 
an  e-mail  address.  They  were  able  to  establish  ground  rules 
for  a  respectful  and  productive  discussion,  whether  face-to- 
face  or  online.  Whenever  they  had  the  urge  to  send  a  flaming 
e-mail,  they  agreed  to  call  each  other  on  the  phone  and  talk 
the  problem  over. 

And  their  joint  venture  was  completed  successfully.  BID 


Daniel  Goleman  codirects  the  Consortium  for  Research  on  Emotional 
Intelligence  in  Organizations  at  Rutgers  University.  He  can  be  reached 
at  contact@danielgoleman.info.  Clay  Shirky  is  a  consultant  who 
teaches  in  NYU’s  graduate  Interactive  Telecommunications  Program. 
Contact  him  at  clay@shirky.com.  To  comment  on  this  story,  go  to  the 
online  version  at  www.cio.com/article/121550. 


Behave  Better 


Link  to  an  audio  download  of 
Clay  Shirky  and  Daniel  Goleman 
explaining  WHY  UNDERSTAND¬ 
ING  THE  BRAIN  CAN  IMPROVE 
COMMUNICATION  at  www.cio 
.com/article/121550. 

cio.com 
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A  CIO  Dialogue  on  Business  Continuity 


CIO  Publisher  Gary  Beach  recently  sat  down  to  discuss  business  continuity  with  four  noted  leaders: 
Gene  Doody,  CIO,  City  of  Richmond,  Va.;  Martin  Gomberg,  SVP I  CIO  A&E  Television  Network  and 
The  History  Channel;  Jane  Lenz,  manager  of  Business  Continuity  and  Disaster  Recovery,  Amylin 
Pharmaceuticals;  Belinda  Wilson,  executive  director,  Business  Continuity  Services,  HP.  Poliowing  is  an 
excerpt  from  their  discussion.  The  full  webcast  is  available  at  www.cio.com/webcast/sponsored/hp/bc. 


GARY  BEACH:  What  do  you  see  as  some  of  the 
challenges  that  your  customers  have  in  getting 
involved  with  senior  management? 

BELINDA  WILSON:  My  recommendation 
would  be  if  you  don’t  have  senior  management 
commitment,  you  may  as  well  stop,  because  you 
will  never  be  successful. 

BEACH:  Where  does  senior  management  begin? 


WILSON:  It  begins  in  terms  of  commitment, 
sponsorship,  funding.  The  ultimate  in  what  we’ve 
seen  is  what  I  would  consider  best-in-class,  are 
organizations  [where]  the  senior-level  management 
has  built  business  continuity  into  their  corporate 
culture.  So,  all  of  a  sudden  it  becomes  something 
that  employees  feel  very  prideful  about,  very 
protective  about,  and  you  need  to  make  it  at  that 
level  and  get,  again,  as  you  mentioned, 
communicated  down  for  it  to  really  take  off.  And 
many  years  ago,  the  No.  1  reason  business 
continuity  failed  was  lack  of  senior  management 
commitment.  We’re  getting  better  at  it.  We  get 
asked  a  lot,  “How  do  we  get  their  attention?”  And 
I  say,  “Why  don’t  you  take  their  email  away  for  an 
hour?”  Trust  me,  they  will  want  to  know  about 
business  continuity.  Because  then  you  can  say, 
“This  was  just  a  test  to  see.” 

If  your  competitor  has  had  an  issue,  that  is 
the  best  time  to  go  take  it  to  your  senior 
management  and  say,  “This  could  have  been  us. 
What  if  this  was  us?”  You’ve  got  to  strike  when 
the  iron’s  hot. 


THE  NATION'S  MOST  ELITE  CIOS  AND  IT  EXECUTIVES  ATTEND  CIO 
CONFERENCES.  THE  THOUGHT  LEADERSHIP  SERIES  IS  A  SNAPSHOT  OF 
A  ROUNDTABLE  WHERE  THEY  SHARE  IDEAS,  SUCCESSES  AND  STRATEGIES. 
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“You  can  have  the 
best  recovery 
strategy  in  the 
world,  but  if  you 
execute  poorly,  it 
wont  matter.  ”  — 
Jane  Lenz 


CIO 


Custom  Solutions  Group 


GENE  DOODY:  I  know  my  mayor  doesn’t  want 
to  be  the  next  mayor  of  New  Orleans.  It’s  probably 
a  valuable  lesson  for  us. 

MARTIN  GOMBERG:  It’s  a  language  problem 
in  that  when  you  talk  to  technical  people,  and  you 
talk  about  things  like  boxes  and  circuits  and 
redundancy  and  capacity  and  all  of  those  things, 
they  get  it.  But  turn  to  senior  management  and 
start  talking  about  redundancy  and  availability 
capacity,  and  they’re  hearing  something  in 
Martian.  You  need  to  turn  that  into  a  discussion 
that  they  understand.  When  we  talk  about  denial 
of  markets,  when  we  talk  about  denial  of  distri¬ 
bution,  when  we  talk  about  loss  of  revenue,  these 
are  things  that  they  get.  I’ve 
been  able  to  now  convert  this 
into  a  formula.  It’s  resources, 
divided  by  consumption, 
equals  the  days  of  survival. 

And  if  you  can  actually  get 
this  down  to  an 
understanding  of  how  many 
days  my  company  can  last, 
they  get  that. 

BEACH:  What  metrics  do  you  use  at  Amylin  to 
measure  the  effectiveness  of  your  business 
continuity/disaster  recovery? 

JANE  LENZ:  We  utilize  similar  metrics,  and 
we’re  trying  very  hard  to  both  qualify  and  quantify 
the  impact  of  the  business  interruption.  We’re 
doing  a  corporate-wide — right  now  as  a  matter  of 
fact — refresher  for  business  impact  analysis 
throughout  all  of  our  various  business  units.  And 
in  doing  that,  one  of  the  metrics  that  we’re  trying 
to  come  up  with,  as  our  company  has  been  ever- 
changing,  is  a  metric  around  what’s  the  dollar  loss. 


Let’s  quantify  what  the  dollar  loss  is.  And  then  also 
we’re  looking  at  impact  as  far  as  reputation. 
Companies  must  be  concerned  about  what  their 
corporate  reputation  would  take  as  far  as  a  hit 
because  of  an  event  or  the  way  it  was  handled.  So, 
incident  or  crisis  management  is  a  very  important 
component  to  a  continuity  program.  Because  you 
can  have  the  best  recovery  strategy  in  the  world, 
but  if  you  execute  poorly,  it  won’t  matter. 

BEACH:  Gene,  what  metrics  do  you  use? 

DOODY:  Our  No.  1  goal  is  to  be  able  to  make 
sure  that  those  people  that  rely  on  us  to  sustain 
them  are  going  to  be  able  to  do  that.  So,  we  start 
talking  about  metrics,  you  know,  some 
of  the  things  we’re  looking  at  are 
operational  things.  So,  how  are  we 
going  to  make  sure  that  we  establish  a 
mechanism  for  these  people  to  get 
their  money?  The  likelihood  of  a 
disaster  is,  can  they  show  up 
somewhere  or  not?  Is  there 
transportation  available?  Depends  on 
the  type  of  disaster  you’re  looking  at. 
We’re  an  area  subject  to  hurricanes,  so  if  a 
hurricane  comes  through,  there  can  be  the 
potential  that  we  may  have  to  try  to  find  a  way  to 
get  to  people.  I  think  the  most  important  one  for 
us,  as  I  talked  about  earlier,  is  financial,  the  idea 
of  making  sure  that  we’re  in  a  position  where 
we’ve  got  some  long-term  sustaining 
mechanisms — you  know,  taxes  and  those  types  of 
things.  More  importantly,  being  strong  enough  to 
kind  of  survive  that  type  of  hit.  And  I  think  for 
us — and  kind  of  looking  at  the  type  of 
experiences  that  we’ve  had — we  like  to  believe 
that  if  we  can  do  it  for  six  months,  we  can 
survive  pretty  much  any  disaster. 


“If you  don’t  have 
senior  management 
commitment,  you  may 
as  well  stop,  because 
you  will  tiever  be 
successful.  ” 
-  Belinda  Wilson 


Want  to  hear  more  about  Business  Continuity ?  The  conversation  continues  here 
[ivww.  cio.  com!  webcast/ sponsored/hp/bc] . 
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cal  I  for  entries 


We’re  looking  for  the 
next  generation  of 
standout  IT  leaders. 


Nominees  should 
currently  be  top  IT 
lieutenants— but  not 
yet  full-fledged  CIOs. 

Visit  www.cio.com/cio-awards/ones-to-watch/ 

today  to  apply. 


Apply 


Candidates  will  be  nomi¬ 
nated  by  their  CIO  based  upon 
the  characteristics  identified  in 
the  application  at  www.cio 
.com/cio-awards/ones-to- 
watch/.  Candidates  may  also 
nominate  themselves  or  be 
nominated  by  another,  but  all 
nominations  must  be  endorsed 
by  a  CIO. 

A  panel  of  leading  CIOs 
will  judge  the  nominees  and 
choose  the  winners,  who 
will  be  featured  in  a  special 
May  2008  issue  of  CIO. 


Presented  by  CIO  magazine  and  the  CIO  Executive  Council 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


Business 

Technology 

Leadership 


Winners  will  also  be 
honored  at  the  fourth  annual 
CIO  Leadership  Conference 

to  take  place  May  18-20, 2008, 
at  the  Sheraton  Boston  Hotel. 


Don’t  Be  Late 


We  will  accept 
nominations  from  Sept.  1 
through  Nov.  16.  For  more  about 
this  prestigious  award,  go  to 

www.cio.com/cio-awards/. 


Cover  Story  |  Global  Information  Security 


The  5th  Annual  GLOBAL 
STATE  of  INFORMATION 
SECURITY 


Five  years  ago,  when  CIO  and  PricewaterhouseCoopers  col  labo- 
rated  on  the  first  “Global  State  of  Information  Security”  survey, 
very  few  people  knew  how  bad  the  problem  was.  Now  everyone 

knows.  They  just  don’t  know  how  to  fix  it. 

BY  SCOTT  BERINATO 


wareness  of  the  problematic  nature  of  information 
security  is  approaching  an  all-time  high.  Out  of  every 
IT  dollar  spent,  15  cents  goes  to  security.  Security  staff 
is  being  hired  at  an  increasing  rate.  Surprisingly,  however,  enter¬ 
prise  security  isn’t  improving. 

For  the  fifth  straight  year,  CIO,  CSO  and  PricewaterhouseCoopers 
(PWC)  present  select  results  and  analysis  from  the  “Global  State  of 
Information  Security”  survey,  the  world’s  largest,  most  comprehen¬ 
sive  annual  information  security  survey. 

And  the  first  question  to  ask  is,  Are  you  feeling  anxious? 

Are  you  feeling  the  disquiet  that  comes  from  knowing  there’s 
no  reason  why  your  company  can’t  be  the  next  TJX?  The  angst  of 
knowing  that  these  modern  plagues— these  spam  e-mails,  these 
bots,  these  rootkits— will  keep  coming  at  you  no  mat¬ 
ter  how  much  time  and  money  you  spend  trying  to 
stop  them?  The  chill  that  comes  from  knowing  how 
much  you  don’t  know? 

Yeah,  you’re  feeling  it. 

You’re  feeling  it  because  you’re  seeing  it.  Accord¬ 
ing  to  the  2007  survey,  a  comprehensive  canvassing 


of  7,200  respondents  on  six  continents,  you  see  the  information 
security  problem  more  clearly  than  ever  before.  You’re  seeing  it 
because  you’ve  created  tools  and  systems  in  order  to  see  it.  For 
example: 

You’ve  added  processes.  Three  years  ago,  only  37  percent  of  com¬ 
panies  reported  having  an  overall  security  strategy.  This  year,  57 
percent  did.  Also,  nearly  four  out  of  five  companies  conducted 
enterprise  risk  assessments,  at  least  periodically. 

You’ve  deployed  technology.  Nine  out  of  10  respondents  said  they 
use  firewalls,  monitor  users  and  rely  on  intrusion  detection  infra¬ 
structure,  and  that  number  approached  98  percent  when  responses 
were  limited  to  larger  companies  (more  than  $1  billion  in  revenue). 
Encryption  is  at  an  all-time  high,  with  72  percent  reporting  some 
use  of  it  (compared  to  48  percent  last  year). 

You’ve  hired  people.  The  number  of  CISOs  and  CSOs  employed 
continues  to  rise.  And  the  mean  number  of 
information  security  workers  per  company 
has  topped  100,  most  likely  due  to  more  out¬ 
sourcing  and  the  use  of  contract  employees. 

You’ve  crafted  an  infrastructure  for 
understanding.  You’re  seeing  it,  and 
that’s  why  you’re  feeling  it.  You’re  undergo- 
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ing  a  shift  from  a  somewhat  blissful  ignorance  of  the  serious  flaws 
in  computer  security  to  a  largely  depressing  knowledge  of  them. 

Awareness  may  be  at  an  all-time  high,  but  awareness  doesn’t 
equal  improvement,  and  awareness  doesn’t  bring  happiness.  The 
sad  fact  is  that  the  strides  made  to  date  have  not  crossed  the  thresh¬ 
old  from  seeing  to  fixing. 

“That  next  level  of  maturity  has  not  been  reached,”  says  Mark 
Lobel,  a  principal  with  PWC’s  advisory  services.  “We  have  the  tech¬ 
nology  but  still  don’t  have  our  hands  around  what’s  important  and 
what  we  should  be  monitoring  and  protecting.  Where’s  that  console 
that  says,  ‘Hey,  credit  card  numbers  are  crossing  the  firewall  and 
this  is  a  PCI  issue  that  has  a  real  business  impact?”’ 

Read  on  for  more  on  what  awareness  has  led  to  and  other  insights 
from  the  “Global  State  of  Information  Security  2007”  survey. 


We've  Seen  the  Enemy;  It's  You 

This  year  marks  the  first  time  “employees”  beat  out  “hackers”  as  the 
most  likely  source  of  a  security  incident.  Executives  in  the  security 
field,  with  the  most  visibility  into  incidents,  were  even  more  likely 
to  name  employees  as  the  source. 


□  Likely  Sources  of  Incidents 

Recognition  of  the  insider  threat  is  a  sign  that  awareness  is  increasing,  largely 
due  to  the  controls  that  have  been  put  in  place  over  the  past  five  years. 


WHO  ATTACKED  US? 


2006 


2007 
SECURITY 
EXECUTIVES 
2007  ONLY 


Employee/former  employee  51%  69%  84% 

Hacker  54%  41%  40% 


"I  See/'  Said  the  Blind  Man 

Five  years  ago,  36  percent  of  respondents  to  the  “Global  State  of 
Information  Security”  survey  reported  that  they  had  suffered 
zero  security  incidents.  This  year,  that  number  was  down  to  22 
percent. 

Does  this  mean  there  are  more  incidents?  We  don’t  think  so.  We 
believe  it  simply  means  that  more  companies  are  aware  of  the  inci¬ 
dents  that  they’ve  always  suffered  but  into  which,  until  recently, 
they  had  no  visibility.  Those  once  inexplicable  network  outages 
are  now  known  to  be  security  incidents.  Perhaps  a  spam  outbreak 
wasn’t  considered  a  security  incident  before,  but  now  that  it  can 
deliver  malware,  it  is.  Awareness  is  higher,  and  that’s  because  com¬ 
panies  have  spent  the  past  five  years  building  an  infrastructure  that 
creates  visibility  into  their  security  posture. 

□  The  Infrastructure  Is  in  Place 

Baseline  deployment  of  people,  process  and  technology  continues  to  rise 
steadily,  sometimes  dramatically.  Among  those  companies  that  don’t  have 
these  techniques  in  place,  the  priority  for  adding  it  is  remarkably  low,  indicating 
that  most  people  who  think  they  need  these  things  now  have  them. 


2006 

2007 

PRIORITY 
FOR  2008 

PEOPLE:  YOU  HAVE  A... 

cso 

21% 

28% 

13% 

CISO 

22% 

32% 

17% 

CPO 

16% 

22% 

14% 

PROCESSES:  YOU  HAVE... 

An  overall  security  strategy 

37% 

57% 

13% 

A  baseline  for  customers/partners 

25% 

42% 

10% 

Centralized  SIM 

34% 

44% 

11% 

TECHNOLOGY:  YOU  DEPLOY... 

Firewalls 

77% 

93% 

15% 

Encryption 

43% 

72% 

25% 

IDS/A-V/other  detection* 

57% 

90% 

28% 

Data  backup 

78% 

82% 

14% 

User  security/ID  management* 

73% 

89% 

33% 

IPS/filters* 

44% 

83% 

22% 

Internet  security* 

31% 

70% 

14% 

*  Before  2007,  these  categories  were  not  consolidated.  The  percentage  listed  is  the 
highest  percentage  given  for  one  of  the  subcategories  now  consolidated  into  the  new 
category. 


Have  employees  suddenly  turned  more  malicious?  Are  inside 
jobs  suddenly  more  fashionable  and  productive  than  they  used  to 
be?  Probably  not.  Most  security  experts  will  tell  you  that  the  insider 
threat  is  relatively  constant  and  is  usually  bigger  than  its  victims 
suspect.  None  of  us  wants  to  think  we’ve  hired  an  untrustworthy 
person. 

This  spike  in  assigning  the  blame  for  breaches  and  attacks  to 
employees  is  probably  more  like  the  dip  in  companies  that  report 
zero  incidents— a  reflection  of  awareness,  of  managers’  ability  to 
recognize  what  was  always  there  but  what  they  couldn’t  previ¬ 
ously  determine. 

“What’s  happening  is  we’re  doing  a  better  job  with  logging  and 
understanding  situations,”  says  Ron  Woerner,  former  information 
security  manager  at  ConAgra  Foods,  now  security  engineering 
consultant  at  TD  Ameritrade.  “For  a  while,  I  think,  ignorance  was 
bliss.  Now,  with  all  the  technology  in  place,  we’re  learning  that  we 
all  have  the  same  problems.” 

Here’s  how  building  a  security  infrastructure  can  lead  to  more 
employees  named  as  culprits  in  security  incidents.  A  CISO  is  hired. 
He  has  the  tools  to  investigate  internal  network  anomalies  and  the 
authority  to  ask  business  unit  leaders  to  provide  him  with  infor¬ 
mation  for  an  investigation.  His  deployment  of  user-monitoring 
tools  helps  him  identify  insider  threats.  Then  he  centralizes  secu¬ 
rity  information  management  software  that  automatically  detects 
anomalous  network  behavior.  Then  maybe  he  adds  a  periodic  risk 
assessment  process  (another  trend  on  the  rise,  according  to  the 
survey)  and  suddenly  his  office  is  finding  previously  unknown 
vulnerabilities  being  exploited.  Perhaps  he  adds  an  anonymous 
e-mail/hotline  function  for  whistle-blowers.  With  all  of  this  and 
more  in  place,  a  company  has  increased  its  odds  of  detecting  secu¬ 
rity  incidents. 

But  here’s  an  odd  paradox:  Despite  the  massive  buildup  of  peo¬ 
ple,  process  and  technology  during  the  past  five  years,  and  fewer 
people  reporting  zero  incidents,  40  percent  of  respondents  didn’t 
know  how  many  incidents  they’ve  suffered,  up  from  29  percent 
last  year. 

The  rate  of  “Don’t  know”  for  the  type  of  incident  and  the  primary 
method  used  to  attack  also  spiked. 
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Save  Power.  Save  Space. 

Save  Money.  Save  the  Planet. 
(Be  an  IT  Hero.) 

See  how  Sun's  new  Eco  Innovation  Initiative  can  help  you  cut  your 
energy  costs  by  60%,  increase  your  server  efficiency  by  as  much  as 
85%  and  consolidate  your  data  centers  by  up  to  75%,  all  with  a  simple 
3-step  approach:  assess,  optimize  and  virtualize.  With  open  source 
Solaris’,"  virtualization  is  free,  making  it  easier  for  you  to  get  maximum 
utilization  of  your  resources.  See  how  faster  can  be  cooler,  better  can 
be  cleaner  and  cheaper  can  be  greener. 


Good  for  your  business.  Good  for  our  planet. 


Get  energy-efficient  systems  at  sun.com/ecoinnovation. 
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What  You  Don't  Know... 

Could  Fill  Volumes 

□  IDunno 

Increasingly,  those  involved  in  information  security  reply  “Don't  know” 
when  asked  about  the  number  and  nature  of  security  incidents. 


2006 

2007 

2007  CS0/ 
CIS0 

Number  of  incidents 

29% 

40% 

29% 

Type  of  attack 

26% 

45% 

32% 

Primary  method  used 

26% 

33% 

20% 

It  doesn’t  bode  well  that  after  years  of  buying  and  installing 
systems  and  processes  to  improve  security,  close  to  half  of  the 
respondents  didn’t  have  a  clue  as  to  what  was  going  on  in  their 
own  enterprises.  But  when  close  to  a  third  of  CSOs  and  CISOs,  who 
presumably  should  have  the  most  insight  into  security  incidents, 
said  they  don’t  know  how  many  incidents  they’ve  suffered  or  how 
these  incidents  occurred,  that’s  even  worse. 

The  truth  is,  systems,  processes,  tools,  hardware  and  software, 
and  even  knowledge  and  understanding  only  get  you  so  far.  As 
Woemer  puts  it,  “When  you  gain  visibility,  you  see  that  you  can’t  see 

Conventional 
Wisdom 

Five  truths  that  have  emerged  from 
five  years  of  the  "Global  State  of 
Information  Security"  survey 

fter  five  years  of  conducting  the  “Global 
State  of  Information  Security”  survey, 
we  have  noted  some  critical  trends  in 
information  security.  We’ve  also  uncovered  non¬ 
trends— numbers  that  remain  so  constant  and 
predictable  that  we  can  now  call  them  conven¬ 
tional  wisdom.  Here,  then,  are  five  pieces  of  wis¬ 
dom  based  on  numbers  in  the  survey  that  never 
seem  to  change. 

Spending  lags.  You’re  always  about  10  percent 
happier  with  security  policy’s  alignment  with  the 
business  than  you  are  with  security  spending’s 
alignment.  Over  the  years,  roughly  85  percent 
of  you  have  said  that  your  security  policies 
are  completely  or  somewhat  aligned  with  the 
business,  while  just  75  percent  said  that  about 
spending.  After  all,  who  doesn't  want  more 
money? 

Partners  too.  You’re  more  confident  in  your 
own  security  than  that  of  your  partners,  sup¬ 
pliers  and  vendors.  Once  again,  around  80 
percent  to  85  percent  of  you  were  either  very  or 


all  the  potential  problems.  You  see  that  maybe  you  were  spending 
money  securing  the  wrong  things.  You  see  that  a  good  employee 
with  good  intentions  who  wants  to  take  work  home  can  become  a 
security  incident  when  he  loses  his  laptop  or  puts  data  on  his  home 
computer.  There’s  so  much  out  there,  it’s  overwhelming.” 

Woerner  and  others  believe  that  the  security  discipline  has  so 
far  been  skewed  toward  technology— firewalls,  ID  management, 
intrusion  detection— instead  of  risk  analysis  and  proactive  intel¬ 
ligence  gathering. 

If  most  of  the  investment  has  been  put  into  technology,  most  of 
the  return  will  come  from  there  too.  The  tools  will  do  their  job.  They 
will  tell  you  what’s  happening  and  block  the  most  ham-fisted  attacks. 
But  technology  is  largely  reactive.  It  provides  alarms  and  ex  post 
facto  reports  of  anomalies.  Intrusion  detection,  for  example,  is  not 
terribly  effective  at  threat  intelligence— understanding  the  nature 
of  vulnerabilities  before  they  affect  you.  All  IDS  boxes  know  is  that 
some  preset  rule  has  been  broken.  Think  of  a  glass  break  sensor  on 
a  window  at  a  museum.  That  piece  of  technology  is  extremely  effec¬ 
tive  at  telling  you  that  someone  broke  the  window;  it  does  nothing 
to  explain  how  and  why  a  painting  was  stolen,  nor  can  it  help  you 
prevent  the  next  window  from  being  broken  and  the  next  painting 

from  being  snatched. 

Furthermore,  even  a  cur¬ 
sory  look  at  security  trends 
demonstrates  that  adver¬ 
saries,  be  they  disgruntled 
employees  or  hackers,  have 
far  more  sophisticated  tools 
than  the  ones  that  have  been 
put  in  place  to  stop  them. 
Antiforensics.  Mass  distribu¬ 
tion  of  malware  through  com¬ 
promised  websites.  Botnets. 
Keyloggers.  Companies  may 
have  spent  the  past  five  years 
building  up  their  security 
infrastructure,  but  so  have  the 
bad  guys.  Awareness  includes 
a  new  level  of  understanding 
of  how  little  you  know  about 
how  the  bad  guys  operate.  As 
arms  races  go,  the  bad  guys 
are  way  ahead. 

Why  You  Have 
to  Change  Your 
Strategy 

What  can  be  done  about  all 
this?  Be  strategic.  Security 
investment  must  shift  from 
the  technology-heavy,  tac¬ 
tical  operation  it  has  been 
to  date  to  an  intelligence¬ 
centric,  risk  analysis  and 


somewhat  confident  in  your  security,  but  when 
you  were  asked  about  partners  and  vendors,  the 
number  dropped  to  between  70  percent  and  75 
percent.  Remember,  you’re  someone’s  partner 
and  he's  not  too  thrilled  about  you  either. 

Few  are  cocky.  About  one  in  12  of  you  think 
very  highly  of  yourselves.  Since  2003,  the  num¬ 
ber  of  respondents  who  claimed  100  percent  of 
their  users  were  in  compliance  with  their  secu¬ 
rity  policies  hovers  around  8  percent. 

Size  doesn't  matter.  Company  size  does  not 
affect  spending.  When  the  information  security 
budget  is  measured  as  a  percentage  of  the  IT 
budget,  it  remains  constant  no  matter  how  many 
employees  a  company  has  or  what  its  revenues 
are.  Size  of  company  matters  less  in  security 
spending  than  in  industry.  Technology  compa¬ 
nies  spend  the  most;  nonprofits  and  educational 
enterprises  spend  the  least. 

Banks  lead.  Financial  services  companies 
are  attacked  more  but  suffer  less.  Over  the 
years,  respondents  in  the  money  business  have 
reported  more  security  incidents  without  an 
appreciable  increase  in  losses  or  downtime  as 
a  result.  They  do  this  despite  not  having  sig¬ 
nificantly  larger  security  budgets  than  others. 
The  financial  sector  models  best  practices.  See 
www.cio.com/article/11691/The_Global_State_ 
of_lnformation_Security/5.  -S.B. 
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Elevate 

your  Return  on  Outsourcing 

with  a  360-degree  View 

Executive  Summary: 

Properly  executed,  an  outsourcing  relationship  yields  business  benefits  far  be¬ 
yond  labor  savings.  An  outsourcing  partner  can  help  an  enterprise  identify  and 
act  on  additional  objectives  that  must  be  measured  in  concert  with  cost  savings 
to  fully  understand  return  on  outsourcing  (ROO).  Read  this  white  paper  to  learn 

Why  ROO  is  crucial  for  your  organization 
Which  factors  should  be  considered  in  your  ROO  analysis 
How  Cognizant's  ROO  methodology  can  help  you  make  the  right  decision 


Your  company,  like  most,  is  probably  working  with  various 
IT  service  firms  on  a  wide  array  of  IT  projects.  The  reasons 
for  outsourcing  some  elements  of  IT  were  fairly  simple: 
too  many  requests  and  not  enough  talent  and  dollars 
to  keep  business-critical  information  seamlessly  flowing 
across  the  enterprise.  So  you  outsourced  applications 
testing,  maintenance  or  infrastructure  management  -  IT’s 
low-hanging  fruit  -  to  the  lowest-cost  provider. 

It's  been  a  few  years  since  you  signed  on  the  bottom 
line,  and  you  believe  that  these  third  parties  are  saving 
your  company  vast  sums  of  money  or  that  they  are  the 

right  strategic  partners. 
In  fact,  you  were  so  con¬ 
vinced  that  their  armies 
of  experienced  IT  pro¬ 
fessionals  would  deliver 
the  cost-savings  goods 
that  you  haven't  really 
conducted  a  deep  dive 
into  the  true  returns  of 
outsourcing  since  the 
contract  was  signed. 

The  times  they  are  a-changin'.  Enterprises  worldwide  and 
across  every  industry  seek  not  only  to  contain  IT  costs  but 
also  to  find  ways  to  fill  skills  gaps  that  have  undermined 
their  ability  to  innovate. 

Historically,  outsourcing  IT  was  predicated  on  cost  savings 
associated  with  labor  arbitrage  -  supplementing  internal 
IT  staff  with  lower-cost  programming  and  infrastructure 
management  resources.  Today's  deals  are  different.  As  IT 
services  firms  have  expanded  their  footprints  with  delivery 
centers  on  nearly  every  continent,  they  have  expanded 
their  domain  and  technology  expertise  across  nearly 
every  market  segment.  Aware  of  this  brimming  expertise, 
enterprises  engage  IT  services  companies  to  help  build  or 
extend  applications  for  competitive  advantage. 


Enterprises  worldwide  and 
across  every  industry  seek  not 
only  to  contain  IT  costs  but 
also  to  find  ways  to  fill  skills 
gaps  that  have  undermined 
their  ability  to  innovate. 


Empirical  research  underscores  how  outsourcing  has 
become  more  than  a  cost  savings  game.  Annual  surveys 
conducted  by  Duke  University  show  that  although  busi¬ 
nesses  continue  to  cite  labor  and  other  costs  as  the  leading 
reasons  for  outsourcing,  other  factors  are  driving  strategic 
IT  services  partnerships.  Access  to  qualified  personnel  (up 
26  percent  since  2005),  growth  strategy  (up  13.5  percent) 
and  business  process  redesign  (up  47  percent)  are  emerg¬ 
ing  as  drivers  in  offshore  outsourcing  decisions.1 

One  company  that  recently  cemented  its  sourcing 
relationship  to  accelerate  business  innovation  is  Kimberly- 
Clark  Corp.,  the  $17  billion  Dallas-based  consumer  and 
health  care  products  firm.  Under  a  multiyear  partnership, 
Cognizant,  a  global  services  provider  based  in  Teaneck, 
New  Jersey,  will  assume  management  of  much  of 
Kimberly-Clark's  applications  portfolio,  according  to  Dennis 
Haltinner,  director  of  strategy,  architecture,  innovation 
and  compliance  for  Kimberly-Clark. 

"There  certainly  is  some  cost  savings  potential,  but  we 
also  looked  for  something  that  can  give  us  more  flexibility 
and  allow  us  to  move  quickly  into  new  directions  and  give 
us  insight  into  the  best  practices  in  the  industry,"  says 
Haltinner.  "Really  being  intimate  with  our  customers, 
growing  the  top  line,  driving  innovation  in  our  products  -  I 
want  the  retained  IT  organization  to  focus  on  those  things. 
I  want  them  sitting  with  the  business  units  and  driving  our 
plans.  I  want  Cognizant  to  worry  about  the  rest.” 

To  make  the  transition  beyond  labor  arbitrage,  however, 
enterprises  need  a  clear,  360-degree  view  of  outsourcing 
that  extends  beyond  cost  savings.  Most  enterprises,  unfor¬ 
tunately,  lack  not  only  a  solid  sense  of  the  cost  of  IT  but 


This  special  report  is  the  first  in  a  regular  series 
dedicated  to  helping  executives  make  informed  choices 
about  outsourcing  by  providing  guidance  on  the  tools 
and  techniques  they  can  use  to  evaluate  their  potential 
return  on  outsourcing. 

Next  installment:  "How  to  Measure  the  Return  on 
Outsourcing.” 
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Cognizant  Insights  #1:  ROO  Defined 


Questions  about  ROO? 

Send  your  query  to 
roo@coqnizant.com. 

We'll  answer  frequently 

combines  offshore  development  asked  questions  in  a  future 

and  local  consulting  to  help  installment  of  this  series, 
clients  execute  their  IT  strategy 
and  achieve  desired  outcomes.  Unlike  some  offshore 
competitors,  Cognizant  establishes  a  close  on-premises 
relationship  with  clients  via  its  Two-in-a-Box™  model. 

With  Two-in-a-Box,  Cognizant  embeds  at  the  client  site 
an  experienced,  dedicated  relationship  manager  who  is 
tasked  with  fully  understanding  the  client’s  business  and 
ensuring  that  the  IT  services  strategy  aligns  tightly  with 
organizational  objectives.  This  relationship  manager  also 
works  closely  with  Cognizant's  delivery  teams  worldwide 
to  ensure  that  the  IT  services  are  delivered  on  spec,  on 
time  and  within  budget,  and  are  always  in  sync  with  the 
pulse  of  the  organization.  Cognizant's  Transform  While 
Perform  (TwP)™  framework  enables  clients  to  first  reduce 
operational  costs  by  outsourcing  noncore  IT  activities  and 
to  then  apply  the  savings  to  driving  top-line  growth. 

Forrester  recently  said  of  Cognizant,  "Among  leading  Indian 
offshore  firms,  Cognizant  received  the  highest  overall  grade 
for  cultural  fit  while  remaining  price-competitive/'2 

An  outsourcing  decision,  like  any  other  key  technology 
initiative,  calls  for  a  long-term  analysis  of  business  goals 
and  of  the  impact  of  missed  opportunities.  Outsourcing 
provides  operational  efficiencies  but  also  opens  the  door 
for  optimizing  IT  resources  that  support  business  process 
renovations  or  innovations  that  boost  the  top  line. 

1  "Next-Generation  Offshoring:  The  Globalization  of  Innovation,"  Duke  Univer¬ 
sity/Archstone  Consulting  Offshoring  Research  Network  2004  and  2005  U.S. 

Surveys,  and  Duke  University/Booz  Allen  Hamilton  Offshoring  Research  Network 
2006  U.S.  Survey. 

2  “The  Forrester  Wave:  North  American  Applications  Outsourcing  01  2007," 

Forrester  Research,  Inc.,  William  Martorelli,  March  2007. 


also  how  IT  contributes  to  business  objectives.  Therefore, 
businesses  need  to  conduct  a  return  on  outsourcing  (ROO) 
analysis  that  defines  initial  cost  savings  and  the  business 
impact  outsourcing  has  today  and  could  have  in  the  long 
term.  An  ROO  analysis  must  draw  on  the  experience  and 
insight  of  a  services  provider  to  gain  an  independent, 
sweeping  view  of  the  underlying  costs  for  delivering  enter¬ 
prise  IT  and  the  potential  for  savings  and  business  gain. 

"The  ROO  analysis  helps  not  only  to  structure  the  out¬ 
sourcing  partnership  but  also  to  manage  the  relationship, 
guide  any  necessary  course  correction  and  measure  the 
benefits  over  the  years  of  the  deal,"  says  Malcolm  Frank, 
senior  vice  president  of  Cognizant. 

Today,  it's  all  about  infusion  of  IT  talent,  business  and 
technology  skills,  relevant  experiences  and  domain 
insights  -  an  insourcing  partnership  -  that  can  help  the 
IT  organization  efficiently  deliver  services  that  meet  or 
exceed  today's  business  goals  and  anticipate  tomorrow’s 
requirements,  Frank  notes. 

ROO  is  about  measuring  how  a  modern  applications  in¬ 
frastructure  can  increase  operational  agility  and  how  this 
translates  into  top-line  gains  that  are  unattainable.  More¬ 
over,  it  means  being  able  to  calculate  the  seemingly  incalcu¬ 
lable:  the  role  your  partner's  best  IT  practices  and  domain 
expertise  have  in  creating  a  flexible  and  formidable  IT  infra¬ 
structure.  It  also  enables  collaborative  planning  -  adjusting 
your  IT  service  partner's  emphasis  on  certain  projects  and 
tactics  -  to  drive  even  better  business  outcomes. 

An  ROO  analysis  can  also  identify  the  likely  business 
benefit  earlier  in  the  engagement.  It  helps  clients  avoid 
predicaments  that  have  dogged  outsourcing  deals  in 
years  past:  the  belated  realization  that  an  outsourcing 
partnership  isn't  delivering  expected  cost  savings  and 
operational  improvements. 

Cognizant  can  help  a  customer  identify  the  benefits  of 
an  outsourcing  partnership  and  execute  an  ROO  analysis 
that  will  define  the  financial  and  operational  benefits  of 
outsourcing  as  well  as  the  business  value  from  a  long-term 
relationship.  The  company  achieves  this  with  the  aid  of  a 
proprietary  methodology,  benchmark  data  and  an  analyti¬ 
cal  tool  that  provides  a  baseline  assessment  of  a  client's 
spending  and  IT's  alignment  with  business  objectives.  The 
tool  is  based  on  the  vendor-independent  Total  Economic  Im¬ 
pact™  methodology  of  Forrester  Research,  Inc.,  for  compar¬ 
ing  the  current  and  projected  performance  of  a  client  over 
time  within  its  vertical  industry  or  across  industries  and  for 
understanding  the  best  practices  in  IT  service  delivery. 

The  Cognizant  Advantage 

Leveraging  over  13  years  of  experience  in  global  IT  service 
delivery  to  clients  industrywide,  Cognizant  seamlessly 


About  Cognizant 

Headquartered  in  Teaneck,  New  Jersey,  Cognizant  is  a  leading 
provider  of  IT  and  business  process  outsourcing  services. 
Focused  on  delivering  strategic  information  technology 
solutions  that  address  the  complex  business  needs  of  its 
clients,  Cognizant  applies  a  unique  on-site/offshore  model  to 
deliver  applications  management,  development,  integration, 
and  reengineering;  infrastructure  management;  business 
process  outsourcing;  and  numerous  related  services,  such 
as  enterprise  consulting,  technology  architecture,  program 
management  and  change  management. 

For  additional  resources,  visit  www.cognizant.com/go/roo. 

Cognizant 

Passion  for  building  stronger  businesses 
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“We  have  to  start  addressing  the  human  element  of  information 
security,  not  just  the  technological  one.” 

-Ron  Woerner,  security  engineering  consultant,  TD  Ameritrade 


mitigation  philosophy. 

Information  and  security  executives  should,  for  example,  be  put¬ 
ting  their  dollars  into  industry  information  sharing.  “Collabora¬ 
tion  is  key,”  says  Woerner.  They  should  invest  in  security  research 
and  technical  staff  that  can  capture  and  dissect  malware,  and  they 
should  troll  the  Internet  underground  for  the  latest  trends  and 
leads.  Dozens  of  security  companies  do  just  this  and  provide  sub¬ 
scriptions  to  research  services. 

“We  have  to  start  addressing  the  human  element  of  information 
security,  not  just  the  technological  one,”  says  Woerner.  It’s  only  then 
that  companies  will  stop  being  punching  bags.  Only  then  will  they 
be  able  to  hit  back. 

IT  Strikes  Back 

Speaking  of  striking  back,  the  2007  security  survey  shows  a 
remarkable  (some  might  say  troubling)  trend. 

The  IT  department  wants  to  control  security  again. 

In  the  first  year  of  collaboration  on  this  survey  (see  wzow.cio.com/ 
article/29841),  CIO,  CSO  and  PWC  noted  that  the  more  confident  a 
company  was  in  its  security,  the  less  likely  that  company’s  security 
group  reported  to  IT.  Those  companies  also  spent  more  on  security. 

The  reason  CIO  and  CSO  have  always  advocated  for  the  separation 
of  IT  and  security  is  the  classic  fox-in-the-henhouse  problem.  To  wit, 
if  the  CIO  controls  both  a  major  project  dedicated  to  the  innovative 
use  of  IT  and  the  security  of  that  project— which  might  slow  down 
the  project  and  add  to  its  cost— he’s  got  a  serious  conflict  of  interest. 
In  the  2003  survey,  one  CISO  said  that  conflict  “is  just  too  much  to 
overcome.  Having  the  CISO  report  to  IT,  it’s  a  death  blow.” 

And  every  year  after  that,  the  trend  was  for  the  security  function 
to  gain  increasing  autonomy.  More  security  executive  positions 
were  created.  More  decision-making  power  was  shifted  to  security 
and  away  from  IT.  And  more  security  groups  reported  to  functions 
outside  of  IT,  including  the  legal  department,  the  risk  department 
and,  most  significantly,  the  CEO.  The  trend  was  even  more  pro¬ 
nounced  at  large  companies. 

In  2007,  this  trend  didn’t  slow  down;  it  flipped.  What’s  more,  the 
reversal  was  most  pronounced  in  the  largest  companies.  For  example, 
respondents  chose  from  12  possible  functions  to  which  their  CISO 
could  report.  Those  12  functions  were  divided  into  three  categories: 

1.  IT  (CIO,  CTO) 

2.  Neutral  (board,  CEO,  CFO,  COO,  legal) 

3.  Security  (CSO,  risk,  security  committee, 

CPO,  audit). 

To  allow  respondents  to  select  more  than 
one  of  these  answers,  we  created  “shares”— 
the  percentage  of  respondents  with  some 
reporting  relationship  to  one  of  these  three 
categories.  Here  are  the  results. 


□  Reporting  to  IT 

Respondents  have  some  reporting  relationship  to  the  following  groups 


2006 

2007 

2007 

(>$1B  REVENUE) 

IT 

41% 

53% 

60% 

Neutral 

76% 

79% 

68% 

Security 

44% 

46% 

48% 

A 12  percent  rise  in  the  number  of  security  executives  reporting  to 
IT  is  hugely  significant.  And  when  you  slice  that  by  large  companies, 
it’s  a  19  percent  rise.  Notice,  too,  that  bigger  companies  show  fewer 
information  security  executives  reporting  to  neutral  functions. 

M.  Eric  Johnson,  an  economist  who  specializes  in  information 
security  issues  at  Dartmouth  College,  says,  “We  actually  analyzed 
the  org  charts,  and  the  solid-line  relationships  are  going  back  to  IT 
and  the  CIO.  CISOs  have  gobs  of  dotted  line  relationships,  but  IT 
is  dominating  reporting  structures  and  the  budgets.” 

Indeed,  the  trend  is  even  more  pronounced  when  you  follow 
the  money  trail. 


□  Security  Dollars  Come  from  IT 

Funding  for  information  security  comes  from  (could  check  more  than  one) 


Another  hallmark  of  an  evolved  security  function  is  its  conver¬ 
gence  with  physical  security,  usually  under  a  CSO.  This  makes 
sense  both  for  operational  efficiency  and  because  threats  are  becom¬ 
ing  more  converged.  Access  control  is  a  classic  example  of  conver¬ 
gence  paying  dividends.  By  combining  building 
access  and  network  access  in  one  system,  you 
save  money,  improve  efficiency  and  create  a  sin¬ 
gle  view  into  both  physical  threats  (illegal  entry) 
and  digital  ones  (illegal  network  access). 

And  for  four  years,  convergence  of  physical  and 
IT  security  steadily  increased.  Until  this  year. 


Mid-Market  Security 


The  mid-market  has  its  unique  chal¬ 
lenges  and  it's  increasingly  being  tar¬ 
geted  by  ONLINE  CRIMINALS.  Read  all 
about  it  at  www.cio.com/article/29098. 
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How  do  you  create  a  galaxy  of  project  talent? 


Promote  project  management  credentials  and  a  formal  career  path. 

Project  Management  Institute  helps  you  build  strong  teams  and  best  business  practices 
by  certifying  the  experience  and  knowledge  of  your  workforce.  And  our  formal  career 
paths  help  you  retain  and  promote  your  brightest  stars.  A  recognized  way  from  the  world’s 
leading  project  management  resource  to  increase  productivity,  efficiency  and  profitability. 

Accelerate  your  business  results  with  project  management.  Visit  us  at  PMI.org/advantage. 
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And  Furthermore. . . 

More  data  points  to  ponder  from  the  "Global 
State  of  Information  Security"  survey 

"Uh,  Boss?  Gan  We  Talk?" 

Are  security  and  IT  communicating  enough  with  the  CEO?  By 
comparing  their  answers,  we  find  some  startling  disconnects. 

□  What  the  Boss  Thinks;  What  You  Know 

CEOs  seem  to  think  their  enterprises  are  a  lot  more  secure 
(and  their  employees  more  reliable)  than  CIOs  and  security 
leaders  do.  Conversely,  CIOs  and  security  leaders  are  a  lot 
more  optimistic  about  their  budgets  than  are  their  CEOs. 


CEO 

CIO 

CISO/CSO/ 
INFOSEC  DIR. 

We’ve  had  fewer  than  10 
security  incidents 

74% 

65% 

53% 

We’ve  had  an  unknown 
number  of  incidents 

18% 

25% 

28% 

An  employee  or  former  employee 
was  the  source  of  the  incident 

44% 

71% 

83% 

We  do  not  conduct  enterprise 
risk  assessments 

31% 

21% 

13% 

Security  spending  will 
increase  in  ’07 

41% 

53% 

57% 

Spending  will  stay  the  same 

41% 

32% 

28% 

□  We  Need  to  Be  But  Are  Not  in  Compliance  With 

Again,  CEOs  are  far  more  confident  than  their  CIOs  and  security 
execs  that  their  enterprises  are  compliant.  Either  the  CEOs  are 
clueless,  or  the  people  who  should  know  aren’t  telling. 


CEO 

CIO 

CISO/CSO/ 
INFOSEC  DIR. 

HIPAA 

9% 

14% 

27% 

Sarbanes-Oxley 

9% 

20% 

32% 

State  privacy  breach  laws 

10% 

12% 

21% 

Privacy-Better,  But... 

Perhaps  because  of  the  sheer  number  of  incidents  involving  pri¬ 
vacy  breaches,  companies  have  improved  their  privacy  prac¬ 
tices.  They  are  increasingly  separating  privacy  from  security 
and  also  separating  security  governance  (which  would  take  part 
in  setting  privacy  policy)  from  tactical  security.  That  means,  for 
example,  the  people  deploying  monitoring  tools  aren’t  the  ones 
setting  the  usage  policy  for  those  tools. 

But  more  work  needs  to  be  done.  Some  of  the  key  steps  to 
ensuring  data  privacy— encrypting  databases,  classifying  data 
by  risk  level— haven’t  become  standard  practice.  The  industry 
least  likely  to  have  adopted  privacy  practices  is  technology.  A 
privacy  leader?  Consumer  banking. 


Who  Wants  to  Know? 
□  Privacy  Best  Practices 


EMPLOY 

CPO 

SEPARATE 
PRIVACY  & 
SECURITY 

SEPARATE 
SECURITY 
GOV.  &  OPS. 

CLASSIFY 
DATA  BY 
RISK 

Overall 

22% 

54% 

66% 

70% 

>$1B  revenue 

30% 

66% 

58% 

79% 

Financial  services 

33% 

64% 

60% 

80% 

Consumer  financial 

41% 

69% 

55% 

90% 

Retail 

14% 

51% 

66% 

58% 

Health  insurance 

53% 

73% 

49% 

81% 

Healthcare  provider 

49% 

72% 

65% 

64% 

Technology 

22% 

49% 

72% 

77% 

More  on  Privacy 

While  60  percent  of  survey  respondents  posted  privacy  policies 
internally,  only  24  percent  posted  policies  on  their  external  web¬ 
sites.  Only  28  percent  audited  their  privacy  standards  through 
a  third  party.  Sounds  like  a  cover-your-butt  ploy;  after  all,  if  you 
don’t  have  a  policy  posted,  you  can’t  be  sued  for  violating  or  not 
living  up  to  it.  And  if  you  haven’t  had  your  privacy  audited,  you 
don’t  have  to  fix  all  the  problems  an  audit  would  find. 

Respondents  who  do  not  keep  an 
accurate  inventory  of  user  data:  69% 

Respondents  who  do  not  keep  an 

accurate  inventory  of  where  data  is  stored:  67% 

Region  of  Risk 

One  of  the  areas  of  the  world  where  the  focus  on  information 
security  has  intensified  is  Latin  America,  specifically  Brazil  and 
Mexico.  Researchers  and  law  enforcement  believe  that  cultural 
differences  in  acceptance  of  less-secure  online  transaction  meth¬ 
ods  and  fewer  controls  and  regulations  on  banking  activity  have 
made  the  region  the  banking  center  of  choice  for  the  Internet 
criminal  underground.  Here  are  some  select  findings. 


INFOSEC 
BUDGET 
AS  %  OF  I.T. 
BUDGET 

DO  NOT 
CONDUCT 
RISK 

ASSESSMENT 

BUDGET  WILL 
RISE  MORE 
THAN  10% 

IN ’07 

>1DAY 

DOWNTIME 

Overall 

15% 

23% 

20% 

8% 

U.S.  and 

Canada 

12% 

19% 

16% 

7% 

South  America 

19% 

36% 

30% 

15% 

Brazil 

16% 

43% 

29% 

21% 

Mexico 

21% 

33% 

28% 

13% 

China 

19% 

32% 

26% 

13% 

India 

21% 

17% 

33% 

9% 
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CIO  Executive  Council. 

Leadership  Advancement  Pathways  offers  360-degree  assessment 
tools,  personalized  action  plans  and  CIO-led  courses  to  help  IT 
practitioners  who  want  to: 

improve  their  executive  leadership  competencies 

*Meet  the  evolving  demands  on  IT  leadership 

*Make  a  meaningful  contribution  to  the  success  of  their  business 

increase  their  career  advancement  potential 

Take  the  first  step  in  advancing  your  career. 

Apply  today  at  www.cioexecutivecouncil.com/pathways 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  CIO  Executive  Council  was  created  by  readers  of  CIO  magazine  and  leaders  within 
the  community  of  CIOs  to  leverage  the  individual  and  collective  strengths  of  its  members 
to  serve  as  unbiased  and  trusted  advisors  to  each  other,  and  to  advance  the  CIO 
profession  and  its  role  in  driving  shareholder  results  for  their  respective  organizations. 

In  just  three  short  years,  the  CIO  Executive  Council  has  grown  to  more  than  480  CIOs 
worldwide,  representing  executive  leadership  in  organizations  with  approximately  $2.5 
trillion  (USD)  in  annual  revenues. 

For  information  on  membership,  please  visit  www.cioexecutivecouncil.com. 
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The  CIO 
Pocket  MBA 

October  15-19, 2007 


Boston  University's  Executive  Leadership  Center 
Boston  University  School  of  Management 

For  complete  program  details  visit 
management.bu.edu/exec/ek/cio 


School  of  Management 


Sessions 
Presented  By 


\  Commitment  to  Excellence 

,  New  Era  In  Collaboration 

l/orld-Class  Education  with 
:eal  World  Application 


Boston  University  Scholars: 

N.  Venkat  Venkatraman 

and 

John  C.  Henderson 

and  other  distinguished  faculty 


Get  the  CIO  Pocket  MBA  Advantage 


•  Curriculum  developed  and  presented  by  world-renowned  thought 
leaders  from  Boston  University  and  in  cooperation  with  CIO  magazine 

•  Learn  best  practices  from  top  global  companies — learn  from  their 
successes  in  creating  value  through  information  systems 

•  Identify,  weigh  and  communicate  the  strategic  competitive 
advantages  shaping  information  technology  today 

•  Maximize  your  organization's  current  assets  of 
information  systems 

Topics  to  include: 

•  The  Network  Era:  Opportunities  and  Challenges 

•  Business  Finance  I:  Analysis  of  Financial  Statements 

•  Assessing  the  Strategic  Landscape 

•  Business  Finance  II:  Capital  Budgeting 

•  Managing  Disruption  and  Change 

•  Innovations  at  the  Edge:  The  New  Rules  of  the  Game 

•  Implementation:  Building  a  Strategy  for  Getting  Things  Done 

•  Leading  Change  Transformation 


Register  now  os  space  is  limited! 

management.bu.edu/exec/elc/cio 
Or  contact  us  directly  at: 

Phone:617-353-4248 
Email:  elc@management.bu.edu 

The  early  registration  discount  rate  for  this  program 
is  $4,245  if  you  register  before  September  14th. 
After  September  14th  the  registration  rate  for  this 
course  is  $4,995. 

Boston  University  Executive  Leadership  Center 
595  Commonwealth  Avenue 
Boston,  MA  02215 

Accommodations: 

Hotel  Commonwealth 
500  Commonwealth  Avenue 
Boston,  MA  02215 
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□  Physical  and  Information  Security 
Converge,  Then  Diverge 

Information  and  physical  security  are  separate 

REVENUE  $1B 
OVERALL  OR  MORE 

2003  71%  NA 

2004  50%  NA 

2005  47%  NA 

2006  25%  36% 

2007  46%  55% 


Information  and  physical  security  report  to  the  same  executive  leader 


OVERALL 

REVENUE  $1B 
OR  MORE 

2003 

11% 

NA 

2004 

26% 

22% 

2005 

31% 

24% 

2006 

40% 

33% 

2007 

34% 

27% 

Respondents  who  do  not  integrate 

physical  and  information  security  personnel:  69% 

Of  those,  percent  with  no 

plans  to  integrate  personnel:  80% 

Who's  in  Charge? 

Signs  of  IT’s  control  and  influence  are  peppered  throughout  the 
survey  results.  For  example,  when  asked  what  security  guidelines 
their  companies  followed,  respondents  were  far  more  likely— some¬ 
times  two  or  three  times  more  likely— to  cite  more  general  IT  guide¬ 
lines  like  ITIL  than  security-specific  ones  like  SAS  70  and  various 
ISO  security  standards. 

What’s  going  on  here?  Johnson  has  one  theory:  “Security  seems 
to  be  following  a  trajectory  similar  to  the  quality  movement  20  or 
30  years  ago,  only  with  security  it’s  happening  much  faster.  During 
the  quality  movement,  everyone  created  VPs  of  quality.  They  got 
CEO  reporting  status.  But  then  in  10  years  the  position  was  gone 
or  it  was  buried.” 

In  the  case  of  the  quality  movement,  Johnson  says,  that  may  have 


been  partly  because  quality  became  ingrained,  a  corporate  value, 
and  it  didn’t  need  a  separate  executive.  But  the  evidence  in  the  sur¬ 
vey  suggests  that  security  is  neither  ingrained  nor  valued.  It’s  not 
even  clear  companies  know  where  to  put  security,  which  would 
explain  the  “gobs  of  dotted  line”  reporting  structures. 

That  brings  us  to  another  theory:  organizational  politics.  What  if 
separating  security  from  IT  were  creating  checks  on  software  devel¬ 
opment  (not  a  bad  thing,  from  a  security  standpoint)?  What  if  all 
this  security  awareness  the  survey  has  indicated  actually  exposed 
the  typical  IT  department’s  insecure  practices? 

One  way  for  IT  to  respond  would  be  to  attempt  to  defang  secu¬ 
rity.  Keep  its  enemy  close.  Pull  the  function  back  to  where  it  can  be 
better  controlled. 

“What  I  hear  from  CIOs,”  says  Johnson,  “is  at  the  end  of  the  day 
they’re  responsible  for  failures  anyway.  They’re  on  the  line  whether 
security  is  separate  or  not.”  Why  wouldn’t  the  CIO  want  to  control 
something  he’s  ultimately  responsible  for? 

On  the  other  hand,  maybe  security  was  never  as  separate  as  it 
seemed.  Companies  created  CISO-type  positions  but  never  gave 
them  authority.  “I  continually  see  security  people  put  in  the  posi¬ 
tion  of  fall  guy,”  says  Woerner  of  TD  Ameritrade.  “Maybe  some  of 
that  separation  was,  subconsciously,  creating  a  group  to  take  the 
hit.”  Woerner  also  believes  that  the  trend  of  the  security  budget 
folding  into  the  IT  department  could  be  a  direct  result  of  security 
auditing  that  focuses  primarily  on  infrastructure.  That  is,  when 
auditors  look  at  information  security  weaknesses,  they  recommend 
technological  fixes.  And  IT  buys  the  technology.  Why  should  IT  be 
charged  for  another  department’s  expenses? 

Whatever  the  reason,  the  trend  is  disturbing  to  some  security 
professionals,  especially  at  a  time  when  they  play  an  ever  more 
central  role  in  corporate  crises,  and  in  society  in  general. 

The  state  of  Internet  security  is  eroding  quickly.  Trust  in  online 
transactions  is  evaporating  and  it  will  require  strong  security 
leadership  for  that  trust  to  be  restored.  For  the  Internet  to  remain 
the  juggernaut  of  commerce  and  productivity  it  has  become  will 
require  more,  not  less,  input  from  security. 

But  right  when  the  best  and  brightest  security  minds  are  needed 
most,  they’re  being  valued  less.  QE1 


Scott  Berinato  ( sberinato@cxo.com )  is  executive  editor  of  CSO. 


METHODOLOGY  The  ‘‘Global  State  of  Information  Security  2007”  survey,  a 
worldwide  study  by  CIO,  CSO  and  PricewaterhouseCoopers,  was  conducted 
online  from  March  6, 2007,  through  May  4,  2007.  Readers  of  CIO  and  CSO 
and  clients  of  PricewaterhouseCoopers  from  around  the  globe  were  invited 
via  e-mail  to  take  the  survey.  The  results  shown  in  this  report  are  based  on 
the  responses  of  7,200  CEOs,  CFOs,  CIOs,  CSOs,  VPs  and  directors  of  IT 
and  IS,  and  security  and  IT  professionals  from  more  than  100  countries. 
Thirty-six  percent  of  the  respondents  were  from  North  America,  followed 
by  Europe  (28%),  Asia  (23%),  South  America  (12%)  and  the  Middle  East 
and  South  Africa  (2%).  The  margin  of  error  for  this  study  is  +/- 1%. 
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FINANCE  &  IT 

WORKING  TOGETHER  TO  KEEP  THE  BAD  GUYS  OUT 


TOSHIBA  MFPs  bring  a  perfect  balance  of  security  and  affordability  into  the  workplace.  The  folks  in  IT  will  love 
the  new  Smartcard  technology  because  it  ensures  user  authentication  with  an  ID  card.  And  the  good  people  in  finance 
will  feel  safe  in  knowing  that  Toshiba  MFPs  exceed  all  government  mandates  for  controlling  access  and  data  integrity. 
Talk  about  a  secure  relationship.  Visit  us  at  copiers.toshiba.com  to  download  our  white  paper  on  security. 
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Governor  Sonny  Perdue 

says  Georgia's  informa¬ 
tion  technology  should 
be  "functional,  efficient 
and  productive.” 


View  from  the  Top 


As  a  small  business  owner,  Georgia  Gov.  Sonny  Perdue  was  an 
early  adopter.  But  he  won’t  deploy  the  latest  technology  for  his 
state  just  because  it’s  cool.  It  has  to  work  for  his  constituents. 


BY  STEPHANIE  OVERBY 


Georgia  Republican  governor  Sonny  Perdue  has  been  many  things: 

crop  duster  pilot,  football  quarterback,  Air  Force  captain,  veterinarian 
and  agribusiness  entrepreneur.  He’s  also  a  bit  of  a  geek. 

As  a  veterinary  student  at  the  University  of  Georgia,  Perdue  loved  physics  but  did  most  of  his 
calculations  on  a  slide  rule.  He  didn’t  get  his  first  electronic  calculator  until  after  he  graduated  in 
1971,  but  once  he  got  his  hands  on  one,  he  was  hooked.  “I  was  just  mesmerized  by  the  power,”  says 
Perdue.  Several  years  later,  he  set  up  his  first  client-server  system  for  his  own  grain  commodities 
business.  The  application  that  ran  on  the  network  was  written  in  Unix,  and  the  man  who  would 
become  governor  in  2003  quickly  became  proficient  using  the  VI  text  editor. 

Technology  remains  front  and  center  for  Perdue  (now  in  his  second  term),  who  in  his  campaign 
promised  to  run  Georgia  like  a  business.  Taxpayer  demand  for  the  public  sector  to  use  IT  to  improve 
its  effectiveness,  efficiency  and  openness  has  never  been  stronger,  although  there’s  debate  in  Georgia 
concerning  Perdue’s  contributions  to  such  change  thus  far.  He  says  technology  is  the  key  to  creating 
a  state  government  that  is  “principle-centered,  customer-friendly  and  results-driven.”  But  although 
he  sees  himself  as  an  early  adopter,  he  says  his  gubernatorial  role  dictates  that  he  approach  new 
technologies  as  a  “value-driven  functionalist”  concerned  primarily  with  what  works. 

Perdue  recently  spoke  with  CIO  Senior  Editor  Stephanie  Overby  about  the  power  and  limits  of 
IT,  why  he  chose  a  businessperson  rather  than  a  technologist  for  Georgia’s  CIO  and  why  the  private 
sector  sometimes  does  a  better  job  providing  public  services  than  the  public  sector. 

CIO:  You’ve  been  using  computers  as  business  tools  for  some  30  years.  How  do  you  feel  about 
technology? 

Gov.  Sonny  Perdue:  I  realized  very  quickly  the  power  the  personal  computer  could  have.  I  also 
realized  that  we  needed  to  share  data  within  my  business,  so  I  was  not  for  a  standalone  system. 
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View  From  the  Top 


“  I  wanted  a  business  leader  [to  run  IT]  because  the  job  is  not  simply 
about  technology.  Technology  is  the  tool  that  we  use  for  improving 
business  processes  and  for  business  productivity.  I  don’t  think  you 
have  to  be  a  technologist  to  know  what  the  application  of  technology 

tO  business  processes  can  achieve.  -Georgia  Gov.  Sonny  Perdue 


Our  first  computer  system  was  the  Radio  Shack 
Xenix  multi-user  system  [Microsoft’s  version  of 
Unix],  with  dumb,  green  terminals  connected  to 
a  central  server.  I  think  I  ran  my  business  for  a 
number  of  years  on,  probably,  a  100-meg  hard 
disk.  I  actually  became  fairly  proficient  in  VI  and 
the  visual  editor  for  Unix  and  spent  hours  on  the 
phone  with  a  college  in  South  Carolina  playing 
around  with  how  we  could  make  our  businesses 
more  technologically  proficient. 

I  remember  when  e-mail  came  along  and  we 
used  it  through  the  dial-up  server  at  Georgia 
Tech.  So  I  consider  myself  an  early  adopter.  But  I 
also  want  something  to  operate  well.  That  doesn’t 
always  mean  having  the  latest,  greatest  toy. 

What  makes  you  think  that  running  state 
government  like  a  business  is  a  good  idea? 

And  what  role  does  IT  play? 

The  primary  business  principle  I  wanted  to 
bring  [to  state  government]  was  fact-based  deci¬ 
sion  making.  Heretofore,  I  think  our  state  had 
been  run  on  a  lot  of  emotional,  political,  “who’s- 
in-power”  decisions  rather  than  on  data.  I  don’t 
consider  myself  particularly  gifted  from  an 
intuitive  standpoint.  Therefore,  I  have  to  rely  on  data  and  facts  to 
make  decisions. 

I  look  at  data  as  a  compass,  not  as  a  map.  We  know  that  we  want 
a  more  educated,  healthy,  growing  and  safe  state,  but  what  are  the 
data  points  that  we  need  to  achieve  those  things? 

The  metrics  in  our  state  were  in  very  poor  shape.  The  very  fact 
that  a  state— a  $20  billion  business— did  not  even  know  how  many 
automobiles  it  had,  who  was  driving  them,  what  they  were  being 
used  for;  that  we  had  no  consolidated  database  of  the  property  we 
owned...well,  from  the  perspective  of  a  CEO  or  manager,  if  you  don’t 
know  where  your  fixed  assets  are  and  what  their  return  on  invest¬ 
ment  is,  you  have  no  basis  on  which  to  make  decisions  for  the  future. 
I  think  that  was  a  distinction  I  offered:  a  commitment  to  make  deci¬ 
sions  that  would  be  customer-friendly,  results-driven,  data-driven 
and  serve  people. 

Are  there  limits  to  your  ability  to  run  Georgia  like  a  business, 
based  on  data? 

We  have  to  do  some  things  for  which  there’s  no  profit  incentive. 


But  I  like  to  think  there’s  always  a  value  incentive 
for  our  state  and  our  citizens.  The  dividends  may 
not  be  monetary.  They  may  be  better  education, 
better  infrastructure,  better  roads,  better  schools 
and  better  health  care.  Those  are  all  value  choices 
that  depend  on  policy  decisions  based  on  good 
information.  And  how  do  you  get  that?  You’ve 
got  to  have  gauges— technological  processes  and 
procedures— in  place  where  you  can  measure  and 
manage  where  you  are. 

Can  you  share  some  specific  examples  of  a 
problem  in  Georgia  that  had  a  technology- 
enabled  solution? 

One  that  we’re  most  proud  of  is  an  award-win¬ 
ning  Web-based  system,  Georgia’s  Building,  Land 
and  Lease  Inventory  of  Property.  It’s  a  Web-based 
GIS  system  that  sorts  information  having  to  do 
with  buildings,  land  and  leases  by  many  different 
data  points  (for  instance,  where  the  land  that  we 
own  is,  for  what  purpose  it’s  being  used,  cost  per 
square  foot).  It’s  been  a  huge  resource  by  which 
we  could  improve  our  space  management,  to 
decide  where  our  divergent  group  of  operations 
needs  to  be  and  how  we  could  provide  synergy 
in  certain  communities.  In  some  counties  we  had  40  to  50-plus 
separate  leases  for  different  functions.  This  system  gives  us  an 
opportunity  to  coordinate  those,  collaborate  and,  we  believe,  be 
more  effective  and  efficient. 

Let’s  say  that  we  have  an  agency  that’s  looking  to  lease  a  building 
in  a  particular  area  of  Georgia.  Our  state  property  officers  go  to  [the 
agency  managers  in]  that  county  and  say,  Were  you  aware  that  we 
already  had  10,000  square  feet  of  spare  space  down  there?’  You 
use  that  data  to  make  decisions  about  space  management  rather 
than  doing  things  ad  hoc. 

Why  wasn’t  something  like  that  put  in  place  sooner? 

Good  question.  Transparency  of  information  has  not  always  been 
fondly  accepted  in  political  environments.  I  believe  if  you’re  going  to 
run  a  government,  the  more  information  that’s  out  there,  the  more 
opportunity  there  is  for  doing  better.  Many  times  Republicans  get 
accused  of  being  more  close-minded  [about  transparency].  But  I’ve 
felt  there  are  advantages  in  running  a  very  transparent  government, 
and  technology  is  one  of  the  ways  you  can  be  extremely  transparent. 


State  of  Georgia 


2007  budget 

$18.7  billion 


Employees 

162,200 


CIO 

Patrick  Moore,  Executive 
Director,  Georgia 
Technology  Authority 


IT  employees 

550 


2007  IT  budget 


$174  million 
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Need  people 
who  know  technology 
that  didn’t  exist  yesterday? 

What  do  you  do? 


Your  industry  can  change  from  one  day  to 
the  next.  At  Manpower  Professional,  our  IT 
recruiters  can  help  you  find  the  highly  skilled 
professionals  you  need  to  keep  up  with  that 
change.  Whether  it’s  a  permanent  placement 
or  contract  assignment,  a  single  network 
administrator  or  a  whole  team  of  business 
analysts.  Discover  what  tomorrow  will  bring. 

manpowerprofessional.com/next 


Manpower 

Professional 


<ti>  Manpower  Inc. 
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View  From  the  Top 


“Transparency  of  information  has  not  always  been  fondly  accepted  in 
colitical  environments.  I  believe  if  you 're  going  to  run  a  government, 
:he  more  information  that’s  out  there,  the  more  opportunity  there  is 

fordoing  better.”-Sonny Perdue 


The  Georgia  Technology  Authority  (GTA),  the  state’s  central  IT 
organization,  was  created  in  2000.  What  was  your  opinion  of  the 
GTA  when  you  took  office?  Did  you  make  any  changes  there? 

I  was  in  the  state  Senate  and  voted  for  it  when  it  was  created.  I 
viewed  it  as  an  enterprisewide  authority  that  could  be  an  internal 
consultant  for  our  agencies  in  areas  of  technology  and  how  to  be 
more  productive.  The  real  benefit  of  technology,  I  think,  is  produc¬ 
tivity,  and  the  GTA  was  created  to  get  us  all  on  some  consistent 
standards  and  consistent  platforms  to  manage  the  collective  data 
that  we  had  in  the  state,  and  to  do  that  in  a  very  safe,  secure  envi¬ 
ronment.  When  I  became  governor,  I  found  that  organization  was 
morphing  into  more  of  an  operational  entity,  doing  some  things 
that  the  private  sector  did  well. 

For  example,  GTA  was  responsible  for  all  aspects  of  operating 
the  state’s  wide  area  network  (WAN).  It  built  and  owned  some  of 
the  infrastructure  itself  and  leased  other  components  from  several 
different  private-sector  providers.  Being  able  to  finance  upgrades  to 
newer  technology  is  just  one  of  the  challenges  GTA  faced.  In  2004, 
GTA  outsourced  the  state  WAN  to  BellSouth  (now  AT&T).  GTA 
can  focus  on  vendor  management  of  the  WAN  instead  of  service 
delivery.  Its  staff  makes  sure  the  service  provider  meets  contractual 
obligations,  and  AT&T  is  responsible  for  delivering  services  and 
upgrading  WAN  technology. 

The  leadership  I’ve  placed  over  there  now  is  Patrick  Moore,  a 
young  man  with  an  MBA  from  the  University  of  Virginia  that  I’ve 
got  a  lot  of  confidence  in.  His  core  training  is  not  in  information 
technology.  But  he  is  an  intuitive  leader,  a  business  analyst  who 
has  an  enterprisewide  vision  of  how  the  GTA  can  be  the  trusted 
internal  resource  to  agencies  for  technology  solutions. 

The  way  I  look  at  GTA  is  as  somewhat  of  an  IBM  Solutions  type 


of  agency  for  the  state  of  Georgia,  to  help  agencies  think  through 
their  processes,  to  think  through  the  operations  that  they  need,  to 
help  them  to  define  within  the  context  of  the  state  what  is  the  best 
use  of  technology. 

Why  was  it  more  important  for  the  CIO  to  have  business 
knowledge  than  to  have  technology  knowledge? 

I  wanted  a  business  leader  there  because  the  job  is  not  simply  about 
technology.  Technology  is  the  tool  that  we  use  for  improving  busi¬ 
ness  processes  and  for  business  productivity.  Both  for  learning  to  do 
the  right  things,  which  I  define  as  effectiveness,  and  doing  them  in  a 
way  that  provides  the  greatest  value,  which  I  think  is  efficiency. 

I  don’t  think  you  have  to  be  a  technologist  to  know  what  the 
application  of  technology  to  business  processes  can  achieve.  It  was 
Patrick’s  ability  to  analyze,  to  assess,  to  prioritize  and  to  have  a  busi¬ 
ness  model  for  the  future  that  impressed  me.  He  has  a  vision  to  lead 
GTA  not  in  a  purely  reactive  mode,  but  in  a  very  strategic  fashion  in 
order  to  build  a  long-term  IT  model  for  the  state  that  would  bring 
[its  agencies]  together,  that  would  create  the  synergies  that  I  think 
are  available  in  an  organization  this  size. 

One  of  the  challenges  the  public  sector  faces  is  keeping  up  with 
the  pace  of  technology  change.  How  important  is  it  that  Georgia 
stay  current  in  terms  of  IT? 

I  don’t  think  we  have  to  always  have  the  latest,  greatest,  cutting- 
edge  technology  as  long  as  what  we’re  using  is  functional,  efficient 
and  productive. 

As  rapidly  as  technology  is  changing  nowadays,  in  an  organiza¬ 
tion  this  size,  you  can  spend  most  all  of  your  time  and  most  of  your 
capital  just  retooling  every  few  months  to  have  the  latest  and  greatest. 


Fastest  Growing  Middleware 


Source:  Gartner  "Market  Share:  Application  Integration,  Middleware  and  Portal  Software,"  Worldwide,  2005.  Based  on  2005  license  revenue  worldwide. 


I  think  we  have  to  do  [big  technology  change]  in  stages.  Training  is  a 
huge  part  of  any  deployment  of  new  technology,  and  there  has  to  be  a 
certain  total  life  cost  that’s  amortized  from  a  training  perspective  and 
from  a  utilization  perspective,  before  we  make  decisions  to  move  into 
the  beta  approach  of  any  new  technology.  Oftentimes,  we  are  prob¬ 
ably  not  well-served  by  trying  to  be  the  first  to  test  something. 

As  you  say,  you  have  to  digest  big  projects  in  stages.  What  are 
some  of  the  big  projects  being  phased  in  right  now? 

We  are  just  rolling  out  a  project  that  was  painfully  slow  and  cost 
millions  of  dollars:  our  Statewide  Automated  Child  Welfare  Infor¬ 
mation  Systems  (Sacwis).  Sacwis  didn’t  even  exist  when  I  took 
office.  There  were  several  attempts  to  put  a  system  in  place  dating 
back  several  years,  but  each  one  failed  for  a  variety  of  reasons,  most 
related  to  poor  project  management  and  problems  with  the  pro¬ 
curement  process.  But  it  is  a  moral  imperative.  [A  federal  mandate 
also  requires  that  all  states  develop  a  comprehensive  automated 
case  management  tool  to  support  state  child  protection  workers.] 
We  put  a  priority  on  it  when  we  got  here,  we  put  project  managers 
on  there,  and  we  believe  we’ve  got  a  good  functioning  system  that 
we  are  rolling  out  statewide  in  a  very  aggressive  fashion. 

The  other  system,  where  there  had  also  been  some  multimillion- 
dollar  hiccups,  is  our  student  information  system  in  our  Depart¬ 
ment  of  Education.  I  believe,  to  do  the  right  thing  by  our  students, 
we  need  a  good  student  information  system.  [The  Georgia  Statewide 
Student  Information  System  assigns  all  students  a  unique  identifier 
that  allows  the  state  to  track  their  progress  as  they  move  from  school 
to  school  and  match  their  test  scores  to  their  records.] 

This  is  one  area  I  thought  we  were  making  great  progress.  But 
we’ve  had  some  disappointing  setbacks  over  the  last  year  so  we 
are  going  to  put  in  more  intensive  project  management.  GTA  has 
assumed  a  primary  role  in  that  project,  where  heretofore  it  was 
controlled  by  the  Department  of  Education. 

Someone  has  to  own  the  project.  Oftentimes 
we  delegate  these  things  down  to  a  bureaucracy 
and  no  one  is  in  charge.  It’s  almost  like  buil¬ 
ding  a  house  by  committee:  It  would  almost 
never  get  done. 


Many  states  are  trying  to  transform  their  IT  organizations. 
Some,  like  Michigan,  are  taking  on  the  task  themselves.  Others, 
like  Texas  and  Virginia,  have  brought  in  outsourcers.  What  is 
the  right  model  for  Georgia? 

Georgia  is  better  served  with  a  balanced  approach.  I  believe  that 
GTA  can  be  that  internal  consultant  for  IT  solutions.  From  an  oper¬ 
ations  standpoint,  the  private  sector  probably  has  the  expertise 
and  experience  [to  execute  our  ideas],  as  long  as  we  know  what  we 
want.  We  do  believe  we  have  to  retain  some  IT  capability  to  make 
sure  that  we  know  what  the  capabilities  of  the  technology  are,  so 
that  we  can  put  smart  RFPs  out  on  the  street  and  so  we  can  be  very 
clear  in  communicating  what  our  expectations  are. 

Frankly,  I  believe  that  public/private  competition  is  perfectly 
OK.  Whether  our  citizens  can  be  better  served  by  a  public  enter¬ 
prise  providing  a  service  or  by  a  private  enterprise,  they  really  don’t 
care. 

What  do  you  think  are  the  biggest  challenges  today  facing  the 
state  generally  and  the  GTA  specifically? 

Actually,  it’s  a  lack  of  rain;  we’re  really  dry. 

Not  much  IT  can  do  about  that,  I  guess. 

You  never  can  know.  But  the  challenge  for  the  GTA,  again,  is  to 
provide  value  to  our  citizens  by  using  the  tools  of  technology  in  a 
more  productive  way. 

Your  term  will  be  up  in  2010.  In  terms  of  the  state  and  its  effec¬ 
tive  use  of  technology,  what  would  you  like  your  legacy  to  be? 

The  only  legacy  I  have  is  putting  good  people  in  place  who  have 
good  judgment,  who  understand  value,  who  understand  how  to 
improve  processes.  Even  in  administrative  areas.  How  to  cut  out 
the  fat  and  to  provide  enough  lubricant  in  the  [system]  so  that 
processes  function  together  with  as  little  friction 
as  possible.  BE! 


Senior  Editor  Stephanie  Overby  can  be  reached  at 
soverby@cio.com.  To  comment  on  this  story,  go  to  the 
online  version  at  www.cio.com/articie/128400 . 
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The 

Collaboration  Gap 

ANDHOWTO BRIDGE  IT 


ERIN  GRIFFIN,  CIO  AND  VICE  PRESIDENT 

of  IT  at  Loyola  Marymount  University  (LMU) 
and  Mitch  Davis,  CIO  of  Bowdoin  College,  met 
three  summers  ago  at  Snowmass,  near  Aspen, 

Colo.,  during  a  conference  on  academic  com¬ 
puting.  They  chatted,  shared  experiences 
about  their  respective  challenges  and  traded 
some  ideas.  But  it  didn’t  occur  to  either  of  them 
that  they  could  join  forces  until  they  met  up 
again  in  2005  at  the  same  conference. 

They  were  leaving  a  session  about  disaster  recovery,  reflecting,  Griffin  remembers,  that  they 
were  both  in  similar  jams.  Disaster  recovery  solutions  from  vendors  were  expensive— espe¬ 
cially  for  small  colleges  (like  LMU  and  Bowdoin)  with  limited  budgets.  Griffin  and  Davis 
joked  about  how  easy  it  would  be  for  people  to  replicate  each  other’s  data  centers  if  only  they 
were  willing  to  work  together.  Then  came  the  epiphany. 

“We  said,  What  if  we  actually  did  it?”  Davis  recalls.  Half  a  year  later,  Griffin,  who  is  based  in 
Los  Angeles,  and  Davis,  in  Brunswick,  Maine,  began  developing  a  solution  that  allows  them 
to  host  each  other’s  disaster  recovery  sites.  And  it  has  cost  a  mere  fraction  of 
what  it  would  have  to  hire  a  vendor. 

Samuel  Gaer,  executive  VP  and  CIO  of  the  New  York  Mercantile  Exchange 
(Nymex),  faced  a  different  problem.  A  major  competitor  was  encroaching  on 
Nymex’s  market  share  by  offering  competing  energy  futures  contracts  on 
a  “side  by  side”  system  for  trading  both  securities  and  their  options,  while 
Nymex  was  still  executing  them  manually  (brokers  screaming  out  orders  in 
the  trading  pit)  from  its  trading  floor  during  daytime  business  hours.  Gaer 
needed  to  get  Nymex’s  contracts  online  in  a  hurry.  Nymex  had  a  system  ready 
(ClearPort)  that  it  had  upgraded,  but  Gaer  knew  that  the  Chicago  Mercantile 
Exchange  (CME),  which  specializes  in  financial  futures,  had  a  well-estab- 


Reader  ROI 

::  Where  resistance  to 
col  laboration  comes  from 

::  Howto  define  project 
metrics  that  make  sense 
for  both  parties 

::  Why  personal  relationships 
are  a  critical  success  factor 


Everyone  admits 
that  collaboration 
for  innovation  is 
good.  It’s  also  rare. 
And  when  it  works, 
it’s  beautiful. 

BY  C.G.  LYNCH 
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lished  electronic  trading  platform  called  Globex.  “From  a  technical 
standpoint,  our  system  was  robust,  but  CME  [and  Globex]  still  had 
some  distinct  advantages,”  he  says.  For  instance,  Globex,  which  had 
been  around  since  1992,  had  been  more  heavily  tested  and  as  a  result 
was  more  scalable.  So  Gaer  swallowed  hard  and  called  CME  COO 
Phupinder  Gill  to  propose  a  partnership. 

“I  essentially  said,  ‘Why  should  Nymex  reinvent  the  wheel  when 
we  can  collaborate?’”  Gaer  recounts.  Working  together  over  the  next 
year,  Nymex  and  CME  came  to  an  agreement  that  enabled  Nymex  to 
list  its  futures  contracts  on  Globex. 

The  partnership  helped  extend  CME’s  Globex  plat¬ 
form,  improving  its  customers’  experience  (many  also 
did  business  with  Nymex).  For  Nymex,  trading  volume 
in  the  crude  oil  futures  it  offered  grew  from 220,000  to 
more  than  500,000  a  day  in  6  to  8  months. 

The  Collaboration  Imperative 

These  efforts  (for  which  Loyola  Marymount  and 
Nymex  each  received 2007 CIO  100  awards;  go  to  www 
.cio.com/cio-1 00/2007/  for  all  the  honorees)  represent 
a  growing  trend  among  companies  toward  collaborat¬ 
ing  with  industry  peers.  A  global  study  by  IBM  of  765 
CEOs  last  year  revealed  that  more  than  75  percent  place 
a  priority  on  partnering  outside  their  organizations  to 
create  innovation.  But  there  remains  a  collaboration 
gap,  with  only  50  percent  actually  reaching  beyond 
their  own  enterprise  to  partner  with  another  organi¬ 
zation.  That  gap,  the  study  concludes,  represents  an 
opportunity  for  CIOs  to  lead  the  way  as  facilitators  of 
intercompany  collaboration. 

But  assuming  this  role  is  a  challenge  for  IT  depart¬ 
ments,  which  typically  take  pride  in  in-house  innova¬ 
tion.  “The  role  of  the  inventor  is  disappearing,”  says  Navi  Radjou,  VP 
at  Forrester  Research.  “They  need  to  stop  inventing  and  take  on  the 
role  of... transforming  raw  technologies  into  a  meaningful  application 
for  [the]  business.” 

LMU  and  Nymex  have  reached  out  to  transform  the  way  business 
is  done  in  their  industries.  In  so  doing,  they’re  helping  to  define  best 
practices  for  partnerships  in  business  innovation. 

Howto  Bringthe  Boss  Along 

Even  though  most  CEOs  might  tell  IBM’s  survey  team  that  they 
would  welcome  external  partnerships,  they  still  have  to  be  convinced 
that  these  partnerships  with  putative  competitors  are  good  for  busi¬ 
ness.  There  are  three  factors  that  count  with  the  boss:  good  timing,  a 
solid  ROI  and  an  immediate  business  need. 

Griffin  and  Davis  conceived  the  disaster  recovery  plan  for  LMU 
and  Bowdoin  in 2005.  They  were  still  brainstorming  when  Hurricane 
Katrina  devastated  the  Gulf  Coast  in  August  and  forced  colleges  such 
as  Tulane  in  New  Orleans,  to  shut  down.  Disaster  recovery  became  a 
hot  topic.  “All  of  a  sudden  people  were  interested  in  it,”  Griffin  says.  “So 
we  took  it  to  our  senior  administrations.”  Cost  became  the  overriding 
factor,  Bowdoin’s  Davis  says.  “I’d  been  thinking  about  what  it  would 
cost  to  do  disaster  recovery  with  a  vendor— you  just  couldn’t  do  it.” 


In  the  case  of  Nymex,  CEO  James  Newsome  was  keenly  aware  that 
the  company  had  put  significant  time  and  money  into  ClearPort.  But 
in  2005  Nymex  developers  were  still  putting  the  system  through 
its  paces.  So  when  Gaer  made  the  case  to  collaborate  with  CME,  he 
emphasized  the  benefits  of  speed  and  economics. 

“I  said  that  CME  spent  $7  billion  in  seven  years  building  a  world¬ 
wide  distribution  market  for  Globex,”  says  Gaer.  “If  we  put  our 
products  on  Globex,”  he  argued,  “then  we’d  have  the  immediate  dis¬ 
tribution  we  needed.” 


Newsome  bought  Gaer’s  argument,  acknowledging  that  the  deci¬ 
sion  ultimately  was  about  business,  not  technology. 

There  were  some  sticking  points  during  negotiations.  For  exam¬ 
ple,  Nymex  worried  about  ceding  some  control  over  its  technology 
to  CME.  In  exchange,  Nymex  wanted  CME  to  sign  a  noncompete 
agreement  promising  not  to  list  futures  contracts  that  resembled 
Nymex’s.  CME  eventually  agreed,  and  the  deal  went  forward.  (In  June, 
the  companies  quashed  rumors  that  they  were  discussing  a  merger 
after  the  Bloomberg  news  agency  reported  Nymex  was  exploring  a 
sale  with  three  potential  partners,  including  CME.  Executives  from 
both  companies  said  that  they  plan  to  continue  their  partnership  as 
independent  entities.) 

How  to  Bring  Your  Staff  Along 

Once  Gaer  worked  out  the  deal  with  CME,  he  had  an  ugly  job  ahead 
of  him:  telling  his  developers  that  their  ClearPort  platform  was  being 
shelved  in  favor  of  Globex.  “It  was  one  of  the  hardest  things  I  had  to 
do,”  he  says.  “We  had  our  own  system  that  we  believed  was  bleeding 
edge.  There  was  a  lot  of  pride  of  ownership.” 

Gaer’s  problem  was  a  common  one,  says  Forrester’s  Radjou,  as 
IT  staff  are  urged  to  let  go  of  their  role  as  inventors.  “You  don’t  want 
them  to  think  they’re  not  good  at  what  they’re  doing,”  he  says.  Making 


Words  to  Collaborate  By 

How  two  CIOs  with  separate  collaboration  experiences 
view  partnerships 

SAMUEL  GAER,  CIO,  NEW  YORK  MERCANTILE  EXCHANGE: 

“I  can  code  in  seven  different  languages,  but  I’m  a  business  guy.”  When  Gaer 
proposed  listing  Nymex’s  energy  futures  contracts  on  the  Globex  platform 
run  by  the  Chicago  Mercantile  Exchange,  he  told  his  boss:  “This  has  nothing 
to  do  with  a  lack  of  faith  in  our  abilities;  this  has  everything  to  do  with  a  for¬ 
ward-looking  business  relationship.” 

ERIN  GRIFFIN,  CIO,  LOYOLA  MARYMOUNT  UNIVERSITY: 

A  successful  collaboration  pairs  partners  with  complementary  skills,  says 
Griffin,  and  that’s  what  she  found  with  Bowdoin  College  CIO  Mitch  Davis. 
“Mitch  is  the  king  of  the  creative  idea.  I’m  a  process  and  planning  person.” 
Together,  Davis  and  Griffin  built  a  disaster  recovery  system  for  both 
schools.  “Not  only  did  our  staffs  have  complementary  skills,”  says  Griffin, 
“we  did  as  well."  -C.L. 
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“As  much  as  electronic  collaboration  is  great,  sometimes  it  helps  to 
meet  people  face-to-face  and  get  a  sense  of  what  kind  of  sushi  they  eat, 
or  if  they  prefer  Fenway  Park  or  Dodger  Stadium.” 

-LOYOLA  MARYMOUNT  CIO  ERIN  GRIFFIN 


sure  that  your  IT  staff  is  given  ways  to  make  valuable  contributions 
to  the  project  is  critical. 

The  Nymex  developers  weren’t  blindsided  by  the  news  of  the  part¬ 
nership  (there  had  been  rumors  of  the  deal  in  the  marketplace)  but 
there  were,  Gaer  believes,  bruised  egos.  So  in  town  hall  meetings,  he 
went  out  of  his  way  to  make  it  clear  to  the  developers  that  their  tech¬ 
nological  work  was  sound.  Establishing  that  allowed  him  to  explain 
the  business  imperatives. 

Of  course,  not  all  the  developers  were  convinced,  so  Gaer  encour¬ 
aged  them  to  vent  and  to  challenge  him.  “  [I  would]  walk  to  the  bottom 
of  the  floor  and  say,  ‘Ask  me  what  you  want.  Say  the  emperor  has  no 
clothes.’”  He  also  established  an  open-door  policy  for  his  staff  to  speak 
with  him  privately  if  they  didn’t  feel  comfortable  doing  so  in  the  town 
hall  forum.  Gaer  believes  that  his  openness  and  willingness  to  hear 
criticism  helped  the  staff  come  to  trust  and  get  behind  the  decision. 

Gaer  and  CME  CIO  and  managing  director  Jim  Krause  also  gave 
the  Nymex  IT  department  an  active  role  in  the  Globex  integration. 
While  CME,  which  deals  primarily  in  financial  futures,  wasn’t  new 


to  energy  futures  (it  had  once  listed  a  few  Nymex  products),  it  still 
relied  on  Nymex  IT’s  expertise  to  help  with  the  migration. 

Leverage  Each  Other’s  Strengths 

After  LMU  and  Bowdoin  got  their  staff  and  leadership  teams  on 
board,  the  next  step  was  to  assess  the  strengths  and  weaknesses 
of  each  organization.  The  approach  was  simple:  Figure  out  which 
organization  was  better  versed  in  a  particular  technology  and  let 
that  organization  help  the  other  implement  it.  Griffin  and  Davis’s 
ultimate  goal  was  to  replicate  each  other’s  IT  departments  as  much 
as  possible— from  their  Web  infrastructure  to  e-mail,  to  servers.  By 
mirroring  each  other,  they  could  easily  take  on  each  other’s  operations 
if  a  disaster  occurred. 

According  to  Griffin,  Bowdoin  had  a  good  handle  on  VMware,  but 
LMU  had  a  better  grip  on  Microsoft  Exchange.  So  they  helped  each 
other  deploy  the  technologies  they  knew  best,  mixing  and  matching 
until  their  IT  departments  were  like  twins.  “Now  you  can  go  right 
down  the  list  of  places  where  we  match,”  Davis  says. 


Metrics  for  Everyone’s  Success 

Collaborating  with  partners  in  one’s  own  industry  often  breaks 
new  ground.  Therefore,  measuring  outcomes  can  be  difficult.  “We 
were  looking  for  measures  of  success,  and  we  found  that  we  sort  of 
redefined  them  as  we  went  along,”  says  Griffin. 

One  way  to  ensure  that  a  partnership  succeeds  is  to  mind  your 
partner’s  goals.  For  example,  while  both  LMU  and  Bowdoin  wanted 
anew  disaster  recovery  solution,  they  needed  it  for  different  reasons. 
Given  Maine’s  rough  winters,  Bowdoin  would  need  LMU’s  services 
frequently  for  short  periods  due  to  storms  that  cause  power  outages 
several  times  a  season.  LMU,  on  the  other  hand,  would  most  likely 
need  Bowdoin  only  in  case  of  a  large  earthquake  or  terrorist  attack. 
(The  LMU  campus  is  near  Los  Angeles  International  Airport,  which 
has  been  targeted  by  terrorists  in  the  past,  including  an  attempt, 
thwarted  by  U.S.  authorities,  to  bomb  the  airport  on  New  Year’s  Eve 
1999.  (Snow  storms,  conversely,  are  rare  in  the  L.  A.  area.) 

The  partners  designed  each  other’s  emergency  sites  to  reflect  the 
frequency  and  magnitude  of  their  needs.  For  instance,  LMU  would 
need  the  ability  to  conduct  all  classes 
remotely  for  several  months  in  the  event  of 
a  major  disaster.  As  such,  it  would  need  to 
retain  access  to  one  semester  of  a  fully  popu¬ 
lated  course  management  system.  Bowdoin, 
however,  had  no  such  need.  Each  scaled  its 
storage  plans  accordingly. 


Collaboration  Theory 


For  another  view  on  this  topic,  read  an  excerpt 
from  WIKINOMICS:  HOW  MASS  COLLABORA¬ 
TION  CHANGES  EVERYTHING  at  www.cio.com/ 
article/28512. 
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IftheCIOsina  partnership  have  a  good  relationship,  their  goodwill 
will  trickle  down  to  their  teams.  “We  had  mutual  respect  for  each 
other,  and  I  think  that  transferred  quickly,”  says  Bowdoin’s  Davis. 

Gaer  and  Krause  are  friends  and  had  worked  together  in  the  past. 
“That  really  helped— having  the  familiarity  from  a  cultural  as  well  as 
a  technology  level,”  Gaer  says.  As  their  teams  got  to  know  each  other, 
they  developed  close  relationships. 

Griffin  and  Davis  helped  transfer  the  energy  of  their  friendship  to 
their  teams  by  bringing  their  managers  to  Snowmass,  the  birthplace 
of  the  project.  “We  did  some  bonding  over  frisbee,  golf,  rafting  and 
hiking,”  says  Griffin.  “As  much  as  electronic  collaboration  is  great,  it 
helps  to  meet  people  face-to-face  and  get  a  sense  of  what  kind  of  sushi 
they  eat,  or  if  they  prefer  Fenway  Park  or  Dodger  Stadium.” 

Griffin  says  that  because  collaboration  with  a  peer  organization  is 
still  a  new  concept,  IT  staffs  tend  to  view  it  with  caution.  It  takes  enthu¬ 
siastic  leadership  from  the  CIO— and  a  few  gung-ho  staff  members— 
to  get  things  moving.  “There  was  some  trepidation  at  first,”  Griffin 
says.  “But  I  have  a  couple  of  people  who  saw  this  as  exciting.  Some¬ 
times  it  takes  a  few  people  who  look  at  the 
world  differently  to  make  a  collaboration 
effort  like  this  contagious.”  BIS 


Associate  Staff  Writer  C.G.  Lynch  can  be 
reached  at  clynch@cio.com.  To  comment  on 
this  story,  write  to  letters@cio.com. 
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The  Power  of  the  Many 


You’ve  probably  received  an  invite  to  Linkedln,  a  popu¬ 
lar  corporate  social  networking  site.  Or  maybe  you’ve 
heard  your  teenage  son  or  daughter  talk  about  the 
coolness  of  Facebook  or  My  Space.  Social  networking— inter¬ 
active,  collaborative  online  communities  created  by  technol¬ 
ogy— has  certainly  gone  mainstream.  And  now 
it’s  becoming  a  value-added  feature  of  the  corpo¬ 
rate  landscape.  Although  social  networking  has 
raised  security  and  liability  concerns,  CIOs  in 
the  Council  are  embracing  it,  even  leveraging  it, 
for  its  attendant  benefits  of  collaboration,  enter¬ 
prise  knowledge  management  and  brand  and 
mission  extension. 

Collaboration:  Miley  Ainsworth,  director  of 
IT  innovation  at  FedEx  Services,  started  using 
social  networking  principles  in  late  2006  as  part  of  FedEx’s 
internal  innovation-focused  website,  Face  Net  (a  play  on 
Facebook).  FedEx  users  enter  areas  of  personal  interest  and 
expertise  and  then  identify  colleagues  with  similar  entries. 
Users  can  join  issue  groups,  collaborate  on  projects  and 
even  post  video  how-tos. 

“Ideally,  I’d  like  to  have  Face  Net— and  social  networking 
in  general— become  an  accepted  part  of  doing  business  at 
FedEx,”  says  Ainsworth,  whose  40-member  team  includes 
four  dedicated  to  social  networking.  To  do  so,  Ainsworth 
knows  that  the  user  base  must  grow  quickly.  Participation 


is  encouraged  through  prizes  like  iPods  and  other  gadgets. 

Collaboration  is  also  the  payoff  for  Lockheed  Martin. 
“We  decided  to  respond  to  social  networking  using  a  mar¬ 
tial  arts  philosophy— ‘go  with  the  momentum’— and  then 
use  this  momentum  to  encourage  collaboration,”  says  Joe 
Cleveland,  Lockheed  Martin’s  CIO  and  presi¬ 
dent  of  Enterprise  Information  Systems.  “As 
the  newer  generation  of  workers  started  com¬ 
ing  on  the  job,  we  saw  how  comfortable  they 
were  using  instant  messaging  to  bounce  proj¬ 
ect  ideas  off  each  other.  We  also  noticed  that 
they  were  being  quite  effective  and  efficient,” 
says  Cleveland. 

But  along  with  collaboration  came  secu¬ 
rity,  compliance  and  governance  concerns. 
“For  example,  even  something  as  simple  as  embedding  a 
hyperlink  in  an  instant  message  is  problematic  because 
hyperlinks  can  open  attack  vectors  that  include  virus 
propagation,  spyware  infection  and  malicious  code  exe¬ 
cution,”  says  Cleveland.  He  updated  security  guidelines, 
set  up  training  sessions  to  inform  users  about  potential 
breaches  and  provided  other  IT  support  as  needed.  (See 
“Social  Security,”  Page  80,  for  a  list  of  CIO-suggested  secu¬ 
rity  measures.) 

Cleveland  says  he  has  already  seen  positive  results  from 
social  networking’s  Continued  on  Page  80 


JOE  CLEVELAND 


[innovation] 

THEIR  SPACE 

It’s  easiertothinkoutside  the  box  when 


you’re  actually  located 

Miley  Ainsworth,  director 
of  IT  innovation  at  FedEx 
Services,  is  in  charge  of 
social  networking  projects 
and  researching  other 
next-generation  technol¬ 
ogy  tools.  Ainsworth  and 
his  40-member  team— four 


..outsidethebox 

of  whom  are  dedicated  to 
social  networking— are 
housed  at  FedEx  Labs  in 
downtown  Memphis,  geo¬ 
graphically  separate  from 
the  rest  of  FedEx.  The  team 
sits  on  the  third  floor  of  a 
renovated  1900s  furniture 


warehouse  on  the  Missis¬ 
sippi  that  some  refer  to  as 
"California  on  the  River,” 
harking  back  to  the  days 
of  innovation  and  dotcoms 
in  Silicon  Valley.  The  office 
space  has  easily  con¬ 
figurable  furniture,  offices 
and  cubes  to  encourage 
new  ways  of  collabora¬ 
tion  and  work.  There  was 
even  a  rooftop  view  of  the 
Memphis  Triple-A  baseball 


affiliate  (the  Redbirds)  for 
those  who  find  inspiration 
in  baseball,  until  construc¬ 
tion  blocked  it.  “The  truly 
collaborative  workspace 
helps  to  replace  a  more 
traditional  mind-set;  for 
us,  the  location  breathes 
new  ways  of  decision  mak¬ 
ing  and  thinking— which  is 
exactly  what  we  are  tasked 
to  do,”  says  Ainsworth. 

-C.M. 


78  SEPTEMBER  15,  2007  |  www.cio.com 


Creating  and  migrating  CDS 


TATA 


to  the  world's  most  advanced  settlement 
system  with  zero  error.  That's 


WMTF/ATFMTF/® 


r/AxTr 


I /“AC 


PMT 


Nowhere  is  the  pace  of  change  better  understood  than  in  global  capital  markets.  CDS  Clearing 
and  Depository  Services  Inc.  (CDS)  aimed  to  build  a  trade  settlement  system  that  would  be 
capable  of  meeting  future  standards.  As  one  of  the  world's  fastest  growing  technology  and 
business  solutions  providers,  Tata  Consultancy  Services  (TCS)  helped  CDS  to  meet  this  challenge. 
TCS  developed  a  highly  automated  system  that  not  only  slashed  the  trade  settlement  time 
but  also  dramatically  reduced  the  overall  cost  of  processing  securities.  Drawing  on  its  global 
expertise,  TCS  helped  CDS  respond  faster  to  markets,  setting  standards  for  one  of  the  most 
sophisticated  industries  in  the  world.  And  of  course,  enabling  CDS  to  experience  certainty. 


TATA  CONSULTANCY  SERVICES 

Experience  certainty. 

IT  Services  ■  Business  Solutions  ■  Outsourcing 


To  learn  how  your  business  can  experience  certainty,  visit  www.tcs.com 
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SOCIAL  NETWORKING 


[PEER  COUNSEL] 

Social  Security 


Joe  Cleveland,  Lockheed  Martin’s  CIO 
and  president  of  Enterprise  Information 
Systems,  has  developed  security  guide¬ 
lines  forCIOsforkeepingtheirsocial 
networking  environment  safe: 

♦  Educate  the  user  base  on  potential 
security  issues 

♦  Monitor  the  type  of  information 
being  posted 

♦  Manage  access  to  the  information 

♦  Define  processes  for  rules  of 
engagement  and  complaints  for 
various  user  communities 


♦  Employ  a  strict  Terms  of  Use  agree¬ 
ment 

♦  Identify  a  dedicated  staff  person  as 
a  single  point  of  contact  for  com¬ 
munity  members 


♦  Log  all  traffic 

♦  Create  storage  guidelines  and  time 

frame  for  keeping  data  -C.M. 

"I  realized  pretty 
quickly  that  all  of 
this  knowledge  and 
work  generated  by 
social  networking 
had  to  be  identified 
and  stored  so  it  could 
be  reused  by  other 
members  of  the 
team." 

-LOCKHEED  MARTIN  CIO  JOE  CLEVELAND 


Many  Power 

Continued  from  Page  78 


real-time  collaboration,  espe¬ 
cially  in  terms  of  reduced  project 
cycle  times. 

Knowledge  management:  With 
all  this  collaboration,  a  lot  of  valu¬ 
able  knowledge  is  created  and  CIOs 
are  focusing  on  how  best  to  capture 
it.  “I  realized  pretty  quickly  that 
all  of  this  knowledge 
and  work  generated 
by  social  networking 
had  to  be  identified 
and  stored  so  that  it 
could  be  reused  by 
other  members  of  the 
team,”  Cleveland  says. 

A  cross-functional 
knowledge-shar¬ 
ing  team,  including  20  members 
from  IT,  is  creating  a  knowledge 
management  infrastructure  so  that 
the  results  of  collaboration  can  be 
packaged  for  broader  use  across 
the  organization.  This  year,  they’ve 
been  creating  rules  and  processes  to 
store,  find  and  characterize  informa¬ 
tion  using  tools  such  as  pull-down 
menus  and  specific  tags. 

Kidjit  Dharni,  former  director 
of  architecture  and  development 
at  Babson  College,  is  leading  a 
two-year  social  networking  project 
called  Digital  Babson,  which  has 
a  significant  knowledge  manage¬ 
ment  component.  “User-generated 
content  is  key  to  our  project;  the 
ability  to  quickly  and  accurately 
access  this  knowledge  is  a  prior¬ 
ity,”  says  Dharni. 

Brand  extension:  Marla  David¬ 
son,  CIO  and  executive  VP  for  strat¬ 
egy  management  at  the  Arthritis 
Foundation,  is  considering  how 
social  networking  will  impact  her 
organization’s  mission,  both  in 
terms  of  identifying  donors  and 
providing  programs  to  those  with 


arthritis.  “We’ve  realized  that  this 
isn’t  your  father’s  donor  pool  any¬ 
more,”  she  says.  Personalized  donor 
websites  pushed  out  to  networks  of 
friends  and  families  have  become 
routine  among  nonprofits.  But 
Davidson  is  also  thinking  about  how 
social  networking  can  lead  to  new 
ways  to  do  fund-rais¬ 
ing  and  the  issues  that 
may  arise.  For  exam¬ 
ple,  she  heard  about  an 
individual  (outside  of 
the  Arthritis  Founda¬ 
tion)  who  ran  a  fund¬ 
raising  campaign  on 
Second  Life,  an  alter¬ 
nate  Web  society,  and 
then  cashed  out  the  results  into  real 
dollars  for  the  charity.  Davidson 
believes  such  fund-raising  behavior 
will  only  increase,  so  the  foundation 
must  be  prepared. 

Davidson  and  her  Internet  team 
created  online  communities  of  inter¬ 
est  on  the  foundation’s  website  orga¬ 
nized  by  different  types  of  arthritis 
and  by  native  language.  Although 
it’s  been  successful,  Davidson  wor¬ 
ries  about  liability  issues  associated 
with  the  health  conversations  taking 
place  under  the  foundation  banner. 
Members  of  the  foundation’s  Inter¬ 
net  staff  monitor  the  discussions 
and  offer  comments  and  corrections 
if  incorrect  medical  information  is 
being  passed  along.  With  social  net¬ 
working,  “you  have  to  learn  to  be 
comfortable  in  a  world  where  you 
don’t  know  all  of  the  answers  and 
things  are  changing  every  day,”  says 
Davidson.  BE2 


Carrie  Mathews  is  a  program  director 
at  the  CIO  Executive  Council.  To  com¬ 
ment  on  this  article,  e-mail  letters@ 
cio.com. 


MARLA 

DAVIDSON 


; 


□ 


The  CIO  Executive  Council  is  a  professional  organization  for  CIOs  founded  by  CIO’s  publisher.  To  learn  more  about  the  Council, 
visit  www.cioexecutivecouncil.com  or  contact  Vice  President  of  Development  Dexter  Siglin  at  dsiglin@cio.com  or  508  935-4493. 
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WHEN  INFORMATION  AVAILABILITY  MATTERS 


SunGard.  Setting  new  standards  for 
Information  Availability  by  delivering 
a  range  of  solutions  that  meet  your 
specific  availability  objectives.  Flexible 
enterprise  wide  solutions  from  IT 
management  to  AdvancedRecoverySM. 
2,500  experts.  Three  decades  of 
experience.  100%  successful 
recovery  track  record. 

To  see  how  SunGard  can  help 
improve  your  IT  availability  stop 
by  www.availability.sungard.com 
or  call  800-871-5857  today. 


SUNGARD 

Availability  Services 


Keeping  People 
and  Information 
Connected! 


680  East  Swedesford  Road,  Wayne  PA  19087 
800-468-7483  |  www.availability.sungard.com 
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filings  I've  Learned 


THE  VOICE  OF  EXPERIENCE  *  AS  TOLD  TO 


Harvard  Business 
School  Professor 
John  Kotteris 

a  top  authority  on 
leadership  and  change. 
However,  he  says 
copingwith 
personal  change 
isn’t  always  easy. 


1  personally  admire 
Jack  Welch  as  a 
change  leader. 

I’ve  learned  many  les¬ 
sons  from  him.  He  said 
“the  world  is  moving  in 
nanoseconds,"  so  you 
better  be  sure  you’re  good 
at  change.  He  also  talked 
about  how  “incremental 
change  can  easily  be 
resisted  by  a  bureaucracy." 
Constant  baby-step 
improvement  is  fine,  but  it 
is  not  enough.  Sometimes 
sweeping  change  is  what 
you  need.  It’s  what  lead¬ 
ers  do. 


The  more 
adaptable  you 
are,  the  better. 

I’ve  found  that 
the  more  adapt¬ 
able  organiza¬ 
tions  are  to 
change,  the 
better  they  can 


sustain  high  performance 
over  time.  There  is  a  defin¬ 
itive  relationship  between 
leadership  and  change, 
which  is  how  I  got  into 
this  research  in  the  first 
place.  I  was  physics  major 
at  MIT.  I  got  into  electrical 
engineering  and  finally 
labor  economics,  followed 
by  business  school  and  a 
focus  on  organizational 
psychology.  During  my 
research  I  began  to  see 
a  relationship  between 
performance  and  change. 
Companies  that  were 
better  at  change  were 
performing  better  over 
time.  And  they  had  better 
leadership. 

The  basics  of 
leading  change 
are  a  function  of 
human  nature. 

I’ve  found  there  are  spe¬ 
cific  steps  in  the  process 
of  how  people  make  sig¬ 
nificant  changes.  They  are 
universal,  independent  of 
the  content.  They  apply 
to  process  reengineering, 
innovation,  new  business 
strategies,  you  name  it. 

These  eight  steps 
are  to  create  a  sense  of 
urgency,  put  the  right 
team  together,  create  a 
sensible  change  in  vision 
and  strategy,  communi¬ 
cate  the  plan  to  obtain 
buy-in,  empower  people 


KATHERINE  WALSH 


to  act,  garner  short-term 
wins,  pound  away  at  the 
changes  until  you  can 
implement  them  and 
then  make  them  stick. 
That  process  is  at  the 
heart  of  leading  change. 

Details  of 
leadership  are 
situational. 

As  situations  change 
culturally,  and  through 
time,  successful  leader¬ 
ship  styles  change,  too. 

If  you  look  at  the  people 
today  who  are  providing 
terrific  leadership  in  their 
organizations,  some  of  the 
things  they’re  doing  are 
different  from  their  1950s 
counterparts.  Today  there 
is  more  diversity  in  terms 
of  gender,  ethnic  back¬ 
ground  and  race. 

I've  led  change  in  my 
own  career. 

So  I  can  say  that  if  you 
don’t  know  how  to  do  it, 
good  luck!  The  better  you 
are  at  identifying  the  right 
steps,  the  higher  your 
chance  of  success.  In  my 
personal  life,  I  cope  with 
change  poorly  at  times 
(according  to  my  wife). 

But  I  create  change,  and  I 
do  it  well  because  I  have  a 
high  sense  of  urgency. 


To  comment,  go  to  www.cio 
.  com/article/129253 . 
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CISSP 


Relax. 

You  just  hired  an  (ISC)2  infosecurity 
pro  who’s  not  only  going  to  make  your 

day,  but  your  career. 

It’s  easy  to  kick  back  when  you’ve  got  the  worlds  best  information  security  employees  at  your 
command.  (ISC)2  credentials  are  the  Gold  Standard  of  the  industry.  When  you  see  (ISC)2  or  our 
globally  recognized  certifications  on  a  resume,  you  can  be  sure  that  you’re  getting  a  professional 
who  continually  updates  his  knowledge  to  keep  ahead  of  new  threats  to  your  organization  and 
most  importantly  has  solutions!  So  you  man  the  desk,  we’ll  get  the  job  done. 

For  more  information  on  (ISC)2’s  credential  and  educational  offerings,  please  visit  www.isc2.org/certify. 


tfOlHAr, 


»nd  Ac 

-o° 


\  o 

*A  £■ 

O  <b 

'a  x 

CISSP 

5  5 

at 

O 

.y 

CAP' 

° 

A 

•  > 

SSCP 

-  .\° 

ISO/1EC  17024 


OfESSiO^ 


ISO/iic  17024 


SECURITY  TRANSCENDS  TECHNOLOGY 


We're  secure.  We're  compliant. 

Now  we're  busting  out  the 

SHURIMDYA 

(Security  Helps  Us  Rake  In  More  Dollars,  Yen  And  Euros) 
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Congratulations.  Your  IT  security  is  working  hard.  But  there's  something  more  it  should  do  (besides  the  protection,  compliance, 
access,  etc.).  IT  security  should  actually  make  your  business  more  efficient.  More  flexible.  More  competitive.  CA  can  help.  Our 
Security  Management  centralizes  your  identity  and  access  management  to  turn  IT  security  into  a  proactive,  business-building 
tool.  So  your  security  strengthens  customer  relationships,  grows  partnerships  and  helps  your  enterprise  address  changing 
markets  with  ninja-like  agility.  All  with  CA's  best-in-class  modularity,  scalability  and  integration.  But  don't  just  take  our  acronym 
for  it.  Download  the  white  paper,  "Security  Management:  Aligning  Security  with  Business  Opportunities/'  at  ca.com/secure. 


GOVERN  •  MANAGE  •  SECURE 


Transforming 
IT  Management 


